
- Bybit CEO has stated that 20% of the $1.4B stolen from the exchange is now untraceable.
- Hackers converted $1B in ETH to BTC via THORChain and spread it out.
- So far, 11 bounty hunters have assisted in freezing $42M of the stolen funds.
In a surprising update, Bybit CEO Ben Zhou has revealed that $280 million of the $1.4 billion stolen from the cryptocurrency exchange in the February hack has vanished into untraceable channels.
3.4.25 Executive Summary on Hacked Funds:
Total hacked funds of USD 1.4bn around 500k ETH, 77% are still traceable, 20% has gone dark, 3% have been frozen.
Breakdown:
– 83% (417,348 ETH, ~$1B) have been converted into BTC with 6,954 wallets (Average 1.71 btc each). This and…
— Ben Zhou (@benbybit) March 4, 2025
The security breach, attributed to the North Korean hacking group Lazarus, saw roughly 500,000 Ether (ETH) pilfered from Bybit’s reserves. While the majority of the funds remains visible on the blockchain, Zhou’s announcement underscores the challenges facing investigators as they race against time to freeze the assets before the hackers fully cash out.
The attack exploited vulnerabilities in SafeWallet, a third-party wallet platform used by Bybit. Lazarus hackers compromised a developer’s device, injecting malicious code that allowed them to siphon off nearly $1.5 billion in ETH during a routine transfer.
Despite Bybit’s swift action to restore 1:1 backing of client assets within days, the hackers have been relentlessly moving the stolen funds across multiple platforms, complicating recovery efforts.
Hackers leveraged THORChain to fragment funds
A significant portion of the stolen Ether—417,348 ETH valued at around $1 billion—has been converted into Bitcoin (BTC) and scattered across 6,954 wallets, each holding an average of 1.71 BTC.
Zhou noted that 72% of the haul, or 361,255 ETH worth $900 million, was funneled through THORChain, a decentralized exchange known for its privacy features.
THORChain alone processed a record $4.66 billion in swaps in the week ending March 2, raking in over $5.5 million in fees from these illicit transactions. This fragmentation and conversion strategy has made tracking the funds increasingly difficult for blockchain forensic teams.
Meanwhile, 20% of the stolen assets—roughly 79,655 ETH—have “gone dark,” meaning they’ve been laundered through platforms like ExCH and rendered untraceable.
Zhou highlighted that an additional 40,233 ETH, worth $100 million, passed through OKX’s Web3 Proxy. Of this, 23,553 ETH ($65 million) remains untraceable without further cooperation from the OKX Wallet team, while 16,680 ETH is still within reach of investigators.
The CEO stressed that the next one to two weeks are pivotal as the hackers prepare to offload their haul via exchanges, over-the-counter (OTC) trading desks, and peer-to-peer (P2P) networks.
Bybit has enlisted bounty hunters amid freezing efforts
In a bid to thwart the hackers, Bybit has enlisted the help of bounty hunters and security firms.
Zhou reported that 11 parties—including prominent players like Mantle, Paraswap, and blockchain sleuth ZachXBT—have assisted in freezing $42 million, or 3% of the stolen funds.
So far, Bybit has paid out $2.178 million in USDT to these contributors as part of its recovery efforts, with more details available at Lazarusbounty.com. The exchange also partnered with Web3 security firm ZeroShadow on February 25 to enhance its blockchain forensics and maximize asset recovery.
Despite these efforts, the hackers show no signs of slowing down. Blockchain analytics firm Elliptic has identified over 11,000 wallets linked to the Lazarus group, suggesting a sprawling network designed to obscure their tracks.
🚨 Free Real-time Bybit Exploit Data 🚨
Elliptic has launched a free data feed of illicit addresses linked to the Bybit exploit.
🔍 Why it matters:
✅ Minimize exposure to sanctions
✅ Stop laundering of stolen funds
✅ Strengthen crypto security
Access via CSV or API ⬇️… pic.twitter.com/U9Qa2tc8Zz
— Elliptic (@elliptic) February 25, 2025
Zhou indicated that an additional $65 million in ETH could be salvaged with OKX’s help, but time is running out as the attackers continue laundering operations through platforms like ExCH and OKX Web3 Proxy.