Tracing the Bybit Hack: Allium analysis featured in Hacken's 2025 Web3 security report
Hacken released their 2025 Yearly Security Report this week, analyzing over $4 billion in Web3 losses across the year. Allium's cross-chain analysis contributed to understanding how DPRK threat actors laundered stolen funds.
Laundering through DeFi protocols
"DPRK threat actors primarily launder stolen funds through DeFi protocols, mixers, and centralized exchanges. DeFi protocols are particularly useful for laundering because they don't require KYC verification. Attackers can interact directly with smart contracts without linking their addresses to verified identities.
In the Bybit hack—the largest single theft on record at $1.5 billion—Allium's cross-chain analysis of Ethereum transactions found that approximately $386 million was routed through DeFi aggregators, which automatically split transactions across multiple decentralized exchanges.
PancakeSwap alone processed $263 million, roughly one-fifth of the total stolen funds. This dispersion across multiple assets and liquidity pools complicates tracing of the stolen funds and recovery efforts."
DPRK operations in 2025
The report attributes approximately 52% of total Web3 losses in 2025 to North Korea-linked threat actors—nearly $2 billion. "In recent years, 100% of crypto thefts attributed to North Korean actors have relied on social engineering and advanced phishing rather than smart contract exploitation."
The cluster known as TraderTraitor executed exchange breaches including Bybit, Phemex, BTC Turk, and SwissBorg, extracting approximately $1.85 billion across 2024 and 2025.
How Allium's data supports threat intelligence
Allium provides blockchain data infrastructure across 130+ chains that powers threat intelligence, compliance monitoring, and investigations. The Bybit analysis demonstrates how this data gets used in practice—by security firms, government investigators, and compliance teams tracing illicit fund flows.

Read Hacken's 2025 Web3 Security Report
Read our full analysis of the Bybit hack and DPRK laundering tactics