North Korean Hackers Suspected Behind Surge in LiFi Volume After Bybit Hack, Says Blockchain Investigator
LiFi Protocol, a cross-chain bridge facilitating asset transfers across multiple blockchains, recently reported record-breaking growth—but new allegations suggest the surge may not be as organic as it appears.
According to blockchain analyst ZachXBT, the spike in LiFi activity during May—amounting to $3 billion in volume and over 4.3 million transactions—may have been fueled, in large part, by North Korean hackers laundering stolen crypto funds.
LiFi’s founder, Arjun Chand, highlighted the platform’s milestone earlier this week, celebrating over 510,000 unique users during the month. But ZachXBT quickly responded, suggesting that the activity was inflated by money laundering linked to the Bybit hack, in which $1.4 billion worth of crypto was stolen.
“Fun fact: Whenever your favorite cross-chain bridge flexes record usage/volume stats for the month, there’s a high likelihood the activity came from DPRK laundering funds from hacks,” ZachXBT said on June 3.
He estimated that 15–25% of LiFi’s May activity could be tied to such laundering efforts.
According to his analysis, the North Korean-linked groups used chain-hopping and repeated token swaps—common laundering tactics that obscure the origin of stolen crypto. These techniques can inflate usage metrics by making funds appear as legitimate user activity spread across various blockchains and wallets.
“Usage gets overstated because they repeatedly chain hop back and forth to obfuscate movements,” ZachXBT explained. The complexity of these operations makes them difficult to trace, despite blockchain’s transparent nature.
By the end of May, more than half of the stolen funds from the Bybit hack were reportedly untraceable, raising concerns about the effectiveness of current blockchain tracking and the vulnerability of cross-chain protocols to misuse.
LiFi has not publicly responded to the allegations, and there’s no formal confirmation of ZachXBT’s estimates. Still, the claims raise important questions about how cross-chain platforms monitor suspicious behavior and how illicit activity can distort the perception of real user growth.