According to Eric Wall, co-founder of Taproot Wizards, the Bybit stolen incident has been basically confirmed to be a cause of the North Korean hacker group Lazarus Group. According to Chainalysis’ 2022 report, the organization usually follows a fixed pattern of disposing of stolen funds, and the entire process can last for several years. Data for 2022 shows that the organization still holds $55 million from the 2016 attack, showing it is not in a hurry to cash out quickly. Regarding the disposal process of stolen funds: Step 1: Convert all ERC20 tokens (including liquid derivatives such as stETH) to ETH; Step 2: Redeem all the ETH you obtained into BTC; Step 3: Gradually convert BTC into RMB through the Asian Exchange; End use: The funds are said to be used to support North Korea’s nuclear weapons and ballistic missile programs; Analysis points out that Bybit is currently replenishing an ETH gap of about $1.5 billion through borrowing, a strategy that may be based on the expectation of recovering stolen funds. But given the fact that it is confirmed to be done by Lazarus Group, the possibility of recovery is extremely low, Bybit will have to purchase ETH to repay the loan. In the long run, Bybit's purchase of ETH and Lazarus Group's selling of ETH in exchange for BTC may offset each other, and the BTC acquired by Lazarus Group will gradually convert into selling pressure in the next few years.