Lazarus High Risk Bybit Hacking Investigation [CLADIOUS-[BYBIT_HACKER_LAZARUS_ITER]-2025-001] - Wallet Analysis Report - Very High Risk - 0x49cb...5e4f
Published
14 Jul 2025
5 views
Wallet Name
Analysis Target Wallet (CLADIOUS-[BYBIT_HACKER_LAZARUS_ITER]-2025-001) - 0x49cb...5e4f
Login to view LLM Analysis
Overview
Project Scope
Analysis of wallet 0x49cbd3429eda9fae35028154297f149291145e4f - Lazarus High Risk Bybit Hacking Investigation
Suspicious Wallet Hash
0x49cbd3429eda9fae35028154297f149291145e4f
This is the primary wallet address being investigated in this report.
Methodology
Research Methodology
Automated Analysis Methodology for Wallet 0x49cbd3429eda9fae35028154297f149291145e4f
1. Data Collection
- Automated transaction retrieval from blockchain
- Historical transaction pattern analysis
- Network connection mapping
2. Analysis Algorithms
- Multi-algorithm approach using 26 detection methods
- Statistical anomaly detection
- Behavioral pattern analysis
- Network-based risk assessment
3. Risk Scoring
- Weighted risk factor calculation
- Multi-dimensional analysis
- Historical comparison baseline
- Real-time pattern detection
4. Report Generation
- Automated findings compilation
- Risk level determination
- Recommendation synthesis
- Compliance-ready documentation
Data Collection
Data Collection Process for 0x49cbd3429eda9fae35028154297f149291145e4f
1. Blockchain Data Retrieval
- Retrieved 26 analysis data points
- Collected complete transaction history
- Gathered network connection data
2. Analysis Processing
- Applied multiple detection algorithms
- Performed statistical analysis
- Generated risk indicators
- Created behavioral profiles
3. Quality Assurance
- Data validation checks
- Algorithm consistency verification
- Result accuracy confirmation
Data Preprocessing
Data Preprocessing Steps:
1. Data Cleaning
- Removed duplicate transactions
- Standardized timestamp formats
- Validated transaction data integrity
2. Feature Engineering
- Created time-based features
- Calculated statistical metrics
- Generated network features
3. Normalization
- Applied consistent scaling
- Handled missing values
- Optimized for analysis algorithms
Design Pattern
No design pattern information is available for this report.
Analysis
General Analysis Summary for 0x49cbd3429eda9fae35028154297f149291145e4f
Risk Level: Very High Risk Score: 100/100 Total Issues Identified: 101 Suspicious Transactions: 26
Key Findings: - Automated analysis detected 26 suspicious transactions - Risk assessment indicates very high risk level - 101 total suspicious patterns identified across all algorithms - Standardized risk score: 100/100
Analysis Confidence: High (automated multi-algorithm approach) Recommendation: Immediate investigation required
No suspicious patterns detected.
0x2cbe06079eeac9085394b3594f2f11c2932d9e98167b834a6f3c252b5241622b: Very short time between transactions
0x3e2bed287783229e0af154ce0951fb748541a585902f641eab5363413a220706: Very short time between transactions
0xede9aee1118945312881dd30da67e76a0594060b3deee83588427e2e3122c325: Very short time between transactions
0x9f700975ecd4b1643bdc1d03e4c85991b580907078fc8d8e13a5d1d0924d9198: Very short time between transactions
0x699e0a9980be64c72bae42721c22770fd5adb0ea140e0a24683fff22cf955ea1: Very short time between transactions
0xe959c40a07feb785e6211b98fb741ed6fd24b05926ac94bf6f132b0c7e48fdab: Very short time between transactions
0x8eff592b922ebab21b3ebf1ccd3dffe174fc8a47da20371aad4c6758f8c24831: Very short time between transactions
0x07e43bb7b4c8f362222994483fea14994d77ba323bd8f85c6f6edec5a8dacd11: Very short time between transactions
0xf1300eb7b8258e6e70569041ae7985b62f5ba71950f75fcf0f6a65e205336a21: Very short time between transactions
0x6c0608109e17eefadc5f0831f8232c84d902981073fe502bf82e732abaaf34b8: Very short time between transactions
0x534216a99b82e8d82b2464d48ea83df56e8e932adde55a8104e5c64555032db6: Very short time between transactions
0x3bfaba5cd26f8e3679a933f62cdc912d4b3bc5010369c3050350073263d93b8f: Very short time between transactions
0x91bf7d7a0e588c6eed2da1d57ad6a47e2989856bfc8c531eaf39428a9ce318eb: Very short time between transactions
0x1e1240a415ead50434baecd60d9e9692c8e44be11e9d607f2602c42ac8cc799e: Very short time between transactions
0x6ff081f2fa31cc771f23e629c382b98bdd9fa4eaecb8ba8cf2f4be8dadf2f285: Very short time between transactions
0xb808bda2946d0083d2fee05300fc240cd79dacad2389f506dbb7c8788b81d884: Very short time between transactions
0xd3560f55477dd33b654364a8710d10c39eb1e379b20891b0b342cc9a91c51c71: Very short time between transactions
0xa844d7e7cf0980fa48f00e9986bc75caa6782ed7d54305a069c61e4b9cad1219: Very short time between transactions
0x30aee56e9be736cd19a29ce6407ce67adc1019c160fe465b898e23d0d6473b4e: Very short time between transactions
0x806d94f028e68d2526465ff752bd32167fed875448ac0f6cd1de98ead5f98133: Very short time between transactions
0xd93d37c5dc64ae34e608be4e53f12aa979135cbc6c7516bb5de36f73f4d08743: Very short time between transactions
0xf63f3543b54ccd27cb99c534fa5cfc076737154913a02f846d4d3c6780f88346: Very short time between transactions
0xdc59ba3b934a91d56707f2d9b13034c959d42f3eea3b35695c3f893576eae344: Very short time between transactions
0xa3da60b2e83239284971ea8844c62e2efe8eb329facb773c9f00b2510499e37f: Very short time between transactions
0xe1e5ed721dcdef96cba99a5eacbdf03402e2c2c217304387d5751bb08862b03e: Very short time between transactions
0x8eff592b922ebab21b3ebf1ccd3dffe174fc8a47da20371aad4c6758f8c24831: Transaction amount halved compared to previous transaction
0x07e43bb7b4c8f362222994483fea14994d77ba323bd8f85c6f6edec5a8dacd11: Transaction amount halved compared to previous transaction
0x6c0608109e17eefadc5f0831f8232c84d902981073fe502bf82e732abaaf34b8: Transaction amount significantly lower than average
0x534216a99b82e8d82b2464d48ea83df56e8e932adde55a8104e5c64555032db6: Transaction amount significantly lower than average
0x3bfaba5cd26f8e3679a933f62cdc912d4b3bc5010369c3050350073263d93b8f: Transaction amount significantly lower than average
0x91bf7d7a0e588c6eed2da1d57ad6a47e2989856bfc8c531eaf39428a9ce318eb: Transaction amount doubled compared to previous transaction
0x1e1240a415ead50434baecd60d9e9692c8e44be11e9d607f2602c42ac8cc799e: Transaction amount significantly lower than average
0x6ff081f2fa31cc771f23e629c382b98bdd9fa4eaecb8ba8cf2f4be8dadf2f285: Transaction amount doubled compared to previous transaction
0xb808bda2946d0083d2fee05300fc240cd79dacad2389f506dbb7c8788b81d884: Transaction amount doubled compared to previous transaction
0xd93d37c5dc64ae34e608be4e53f12aa979135cbc6c7516bb5de36f73f4d08743: Transaction amount halved compared to previous transaction
0xf63f3543b54ccd27cb99c534fa5cfc076737154913a02f846d4d3c6780f88346: Transaction amount halved compared to previous transaction
0x2cbe06079eeac9085394b3594f2f11c2932d9e98167b834a6f3c252b5241622b: High frequency transactions (less than 1 minute interval)
0x3e2bed287783229e0af154ce0951fb748541a585902f641eab5363413a220706: Regular interval transactions between the same wallets
0xede9aee1118945312881dd30da67e76a0594060b3deee83588427e2e3122c325: Regular interval transactions between the same wallets, High frequency transactions (less than 1 minute interval)
0x9f700975ecd4b1643bdc1d03e4c85991b580907078fc8d8e13a5d1d0924d9198: High frequency transactions (less than 1 minute interval)
0x699e0a9980be64c72bae42721c22770fd5adb0ea140e0a24683fff22cf955ea1: High frequency transactions (less than 1 minute interval)
0xe959c40a07feb785e6211b98fb741ed6fd24b05926ac94bf6f132b0c7e48fdab: High frequency transactions (less than 1 minute interval)
0x8eff592b922ebab21b3ebf1ccd3dffe174fc8a47da20371aad4c6758f8c24831: High frequency transactions (less than 1 minute interval)
0x07e43bb7b4c8f362222994483fea14994d77ba323bd8f85c6f6edec5a8dacd11: High frequency transactions (less than 1 minute interval)
0xf1300eb7b8258e6e70569041ae7985b62f5ba71950f75fcf0f6a65e205336a21: High frequency transactions (less than 1 minute interval)
0x6c0608109e17eefadc5f0831f8232c84d902981073fe502bf82e732abaaf34b8: High frequency transactions (less than 1 minute interval)
0x534216a99b82e8d82b2464d48ea83df56e8e932adde55a8104e5c64555032db6: High frequency transactions (less than 1 minute interval)
0x3bfaba5cd26f8e3679a933f62cdc912d4b3bc5010369c3050350073263d93b8f: High frequency transactions (less than 1 minute interval)
0x91bf7d7a0e588c6eed2da1d57ad6a47e2989856bfc8c531eaf39428a9ce318eb: High frequency transactions (less than 1 minute interval)
0x1e1240a415ead50434baecd60d9e9692c8e44be11e9d607f2602c42ac8cc799e: High frequency transactions (less than 1 minute interval)
0x6ff081f2fa31cc771f23e629c382b98bdd9fa4eaecb8ba8cf2f4be8dadf2f285: High frequency transactions (less than 1 minute interval)
0xb808bda2946d0083d2fee05300fc240cd79dacad2389f506dbb7c8788b81d884: High frequency transactions (less than 1 minute interval)
0xd3560f55477dd33b654364a8710d10c39eb1e379b20891b0b342cc9a91c51c71: High frequency transactions (less than 1 minute interval)
0xa844d7e7cf0980fa48f00e9986bc75caa6782ed7d54305a069c61e4b9cad1219: High frequency transactions (less than 1 minute interval)
0x30aee56e9be736cd19a29ce6407ce67adc1019c160fe465b898e23d0d6473b4e: High frequency transactions (less than 1 minute interval)
0x806d94f028e68d2526465ff752bd32167fed875448ac0f6cd1de98ead5f98133: High frequency transactions (less than 1 minute interval)
0xd93d37c5dc64ae34e608be4e53f12aa979135cbc6c7516bb5de36f73f4d08743: High frequency transactions (less than 1 minute interval)
0xf63f3543b54ccd27cb99c534fa5cfc076737154913a02f846d4d3c6780f88346: High frequency transactions (less than 1 minute interval)
0xa3da60b2e83239284971ea8844c62e2efe8eb329facb773c9f00b2510499e37f: High frequency transactions (less than 1 minute interval)
Summary
Total Suspicious Transactions
26
Average Risk Score
67.23
Top Tags
No tags
Suspicious Transactions
| Transaction Hash | Risk Score | Risk Factors | Tags |
|---|---|---|---|
0xe8bfcef…
|
100
High
|
Receives funds from exploit address: 0x660bfc...
Anomaly detected by Isolation Forest
Large transaction amount
High frequency transactions (less than 1 minute interval)
Part of coordinated wallet cluster
Low transaction fee
Related to 43 high-risk transactions (highest score: 100)
Very short time between transactions
Transaction involves DeFi exploit address: Bybit Exploiter 9
|
No tags
|
0x07e43bb…
|
38
Medium
|
Short time frame between transactions
Rapid accumulation of large transactions
Large transaction amount
High frequency transactions (less than 1 minute interval)
Low transaction fee
Part of cyclic transaction pattern: Part of cycle of length 4
Very short time between transactions
|
No tags
|
0x3e2bed2…
|
100
High
|
Receives funds from exploit address: 0xe69753...
Local Outlier Factor (LOF) detected as anomaly
Large transaction amount
Transaction involves DeFi exploit address: Bybit Exploiter 42
Related to 27 high-risk transactions (highest score: 100)
Low transaction fee
Rapid accumulation of large transactions
|
No tags
|
0xede9aee…
|
100
High
|
Receives funds from exploit address: 0xe69753...
Large transaction amount
Transaction involves DeFi exploit address: Bybit Exploiter 42
Related to 27 high-risk transactions (highest score: 100)
Low transaction fee
Transaction amount doubled compared to previous transaction
Rapid accumulation of large transactions
|
No tags
|
0x30aee56…
|
69
High
|
Short time frame between transactions
Anomaly detected by Isolation Forest
Round amount consistent with mixer
Low transaction fee
Standard mixer amount detected
Very short time between transactions
Transaction amount significantly lower than average
Transaction amount halved compared to previous transaction
|
No tags
|
0x1e1240a…
|
29
Medium
|
Short time frame between transactions
Outgoing structuring detected: 4 similar amounts totaling 0.00
Low transaction fee
Outgoing structuring detected: 3 similar amounts totaling 0.00
Very short time between transactions
Transaction amount significantly lower than average
Transaction amount halved compared to previous transaction
|
No tags
|
0xb808bda…
|
100
High
|
Short time frame between transactions
Receives funds from exploit address: 0xe9bc55...
Anomaly detected by Isolation Forest
Large transaction amount
Low transaction fee
Transaction involves DeFi exploit address: Bybit Exploiter 43
Rapid accumulation of large transactions
Related to 35 high-risk transactions (highest score: 100)
Very short time between transactions
|
No tags
|
0xd3560f5…
|
52
High
|
Short time frame between transactions
Anomaly detected by Isolation Forest
Large transaction amount
Low transaction fee
Transaction amount doubled compared to previous transaction
Rapid accumulation of large transactions
Very short time between transactions
|
No tags
|
0xf1300eb…
|
37
Medium
|
Short time frame between transactions
Rapid accumulation of large transactions
Large transaction amount
Low transaction fee
Part of cyclic transaction pattern: Part of cycle of length 4
Very short time between transactions
|
No tags
|
0x6c06081…
|
29
Medium
|
Short time frame between transactions
Outgoing structuring detected: 4 similar amounts totaling 0.00
Low transaction fee
Very short time between transactions
Transaction amount significantly lower than average
Transaction amount halved compared to previous transaction
|
No tags
|
0x534216a…
|
29
Medium
|
Short time frame between transactions
Outgoing structuring detected: 4 similar amounts totaling 0.00
Low transaction fee
Outgoing structuring detected: 3 similar amounts totaling 0.00
Very short time between transactions
Transaction amount significantly lower than average
Transaction amount halved compared to previous transaction
|
No tags
|
0x3bfaba5…
|
29
Medium
|
Short time frame between transactions
Outgoing structuring detected: 4 similar amounts totaling 0.00
Low transaction fee
Outgoing structuring detected: 3 similar amounts totaling 0.00
Very short time between transactions
Transaction amount significantly lower than average
Transaction amount halved compared to previous transaction
|
No tags
|
0x91bf7d7…
|
100
High
|
Rapid accumulation of large transactions
Transaction involves DeFi exploit address: Bybit Exploiter 39
Large transaction amount
Low transaction fee
Receives funds from exploit address: 0xd3c611...
Transaction amount doubled compared to previous transaction
Part of coordinated wallet cluster
Related to 35 high-risk transactions (highest score: 100)
|
No tags
|
0x6ff081f…
|
100
High
|
Receives funds from exploit address: 0xe9bc55...
Anomaly detected by Isolation Forest
Large transaction amount
Low transaction fee
Transaction involves DeFi exploit address: Bybit Exploiter 43
Transaction amount doubled compared to previous transaction
Rapid accumulation of large transactions
Related to 35 high-risk transactions (highest score: 100)
|
No tags
|
0xa844d7e…
|
100
High
|
Rapid accumulation of large transactions
Receives funds from exploit address: 0xbca02b...
Anomaly detected by Isolation Forest
Transaction involves DeFi exploit address: Bybit Exploiter 44
Large transaction amount
Low transaction fee
Related to 41 high-risk transactions (highest score: 100)
Part of coordinated wallet cluster
|
No tags
|
0x806d94f…
|
52
High
|
Short time frame between transactions
Anomaly detected by Isolation Forest
Large transaction amount
Low transaction fee
Transaction amount doubled compared to previous transaction
Rapid accumulation of large transactions
Very short time between transactions
|
No tags
|
0xd93d37c…
|
44
High
|
Short time frame between transactions
High frequency transactions (less than 1 minute interval)
Part of coordinated wallet cluster
Low transaction fee
Very short time between transactions
Transaction amount significantly lower than average
Transaction amount halved compared to previous transaction
|
No tags
|
0xf63f354…
|
40
High
|
Short time frame between transactions
Part of coordinated wallet cluster
Repetitive transaction amount
Low transaction fee
Very short time between transactions
Transaction amount significantly lower than average
|
No tags
|
0x2cbe060…
|
100
High
|
Rapid accumulation of large transactions
Related to 29 high-risk transactions (highest score: 100)
Large transaction amount
Low transaction fee
Transaction amount doubled compared to previous transaction
Receives funds from exploit address: 0x9ef428...
Transaction involves DeFi exploit address: Bybit Exploiter 40
Part of coordinated wallet cluster
|
No tags
|
0xa3da60b…
|
100
High
|
Large transaction amount
Related to 27 high-risk transactions (highest score: 100)
Low transaction fee
Transaction involves DeFi exploit address: Bybit Exploiter 18
Receives funds from exploit address: 0x5af75e...
Rapid accumulation of large transactions
|
No tags
|
0xe1e5ed7…
|
100
High
|
Rapid accumulation of large transactions
Large transaction amount
Receives funds from exploit address: 0xbc3e5e...
Low transaction fee
Related to 28 high-risk transactions (highest score: 100)
Transaction involves DeFi exploit address: Bybit Exploiter 35
Part of coordinated wallet cluster
|
No tags
|
0x9f70097…
|
43
High
|
Short time frame between transactions
Anomaly detected by Isolation Forest
Large transaction amount
Low transaction fee
Part of cyclic transaction pattern: Part of cycle of length 4
Very short time between transactions
|
No tags
|
0x699e0a9…
|
48
High
|
Short time frame between transactions
Anomaly detected by Isolation Forest
Local Outlier Factor (LOF) detected as anomaly
Part of cyclic transaction pattern: Part of cycle of length 4
Very short time between transactions
Transaction amount significantly lower than average
Transaction amount halved compared to previous transaction
|
No tags
|
0xe959c40…
|
43
High
|
Short time frame between transactions
Part of coordinated wallet cluster
Low transaction fee
Very short time between transactions
Transaction amount significantly lower than average
Transaction amount halved compared to previous transaction
|
No tags
|
0x8eff592…
|
42
High
|
Short time frame between transactions
Anomaly detected by Isolation Forest
Low transaction fee
Transaction amount doubled compared to previous transaction
Very short time between transactions
Transaction amount significantly lower than average
|
No tags
|
0xdc59ba3…
|
100
High
|
Large transaction amount
Related to 27 high-risk transactions (highest score: 100)
Low transaction fee
Transaction involves DeFi exploit address: Bybit Exploiter 18
Receives funds from exploit address: 0x5af75e...
Transaction amount doubled compared to previous transaction
|
No tags
|
Showing 1 to 10 of 0 transactions
Advanced Analysis Findings
No Local Outlier Factor analysis data is available for this report.
No wallet community detection data is available for this report.
No transaction layering pattern data is available for this report.
No address clustering data is available for this report.
No sanctioned address connection data is available for this report.
Suspicious Activities
Suspicious Activities Summary:
High Risk Activities: 26
Medium Risk Activities: 0
Total Flagged Transactions: 26
Pattern Categories:
- Network-based anomalies
- Behavioral inconsistencies
- Statistical outliers
- Temporal irregularities
Automated Detection Results:
- Algorithm coverage: Comprehensive
- Detection confidence: High
- Risk classification: Validated
Conclusions & Recommendations
Conclusions
Analysis Conclusions for 0x49cbd3429eda9fae35028154297f149291145e4f:
1. Risk Assessment
- Overall Risk Level: Very High
- Standardized Risk Score: 100/100
- Average Transaction Risk Score: 66.31
- Total Suspicious Patterns: 26
2. Key Findings
- Automated analysis completed successfully
- Multiple detection algorithms applied
- Comprehensive risk evaluation performed
- Standardized scoring methodology applied (score: 100/100)
3. Confidence Level
- Analysis Quality: High
- Data Coverage: Complete
- Algorithm Performance: Validated
4. Summary
The automated analysis has identified significant concerns.
Immediate action recommended.
Recommendations
Immediate Action Recommendations:
1. Priority Actions
- Escalate to compliance team immediately
- Implement enhanced monitoring
- Consider transaction restrictions
- Document all findings
2. Investigation Requirements
- Detailed transaction review required
- Source of funds investigation
- Enhanced due diligence protocols
- Regular monitoring updates
3. Compliance Measures
- File suspicious activity reports if required
- Implement know-your-customer procedures
- Apply enhanced monitoring protocols
- Document risk mitigation measures
Severity Assessment
Very High
Appendices & References
Appendices
Appendix A: Automated Analysis Results
Appendix B: Algorithm Details and Methodology
Appendix C: Risk Assessment Matrix
Appendix D: Transaction Pattern Analysis
Appendix E: Network Connection Analysis
Appendix F: Case Reference Documentation - CLADIOUS-[BYBIT_HACKER_LAZARUS_ITER]-2025-001
Appendix G: Investigation Team Notes - Cladious Forensics Team
References
1. Blockchain Analysis Framework - Cladious Platform
2. Risk Assessment Guidelines - Financial Action Task Force (FATF)
3. Automated Analysis Documentation - Internal Methodology
Contact Information
Primary Analyst: Cladious Auto
Email: [email protected]
Generated: 2025-07-14 03:24:08 UTC
Investigation Team: Cladious Forensics Team
Case Reference: CLADIOUS-[BYBIT_HACKER_LAZARUS_ITER]-2025-001
Platform: Cladious Security Analysis Platform
For questions or additional analysis requests, please contact the investigation team.
This report contains confidential information and should be handled according to your organization's data protection policies.
Report Information
Author
Cladious Auto
Published Date
July 14, 2025
Views
5
Likes
0