In the aftermath of the $1.5 billion cryptocurrency hack at Bybit in February 2025, hackers have begun funneling bitcoin converted from the stolen funds through mixers and peer-to-peer (P2P) vendors. According to Ben Zhou, the co-founder and CEO of Bybit, a staggering 86% of the stolen funds—amounting to 440,091 ETH (approximately $1.23 billion)—were converted into 12,836 BTC.
This massive theft has raised serious concerns within the cryptocurrency community, particularly regarding the laundering of illicit funds.
Zhou revealed that the stolen ether (ETH) was mostly converted into bitcoin (BTC) via THORChain, a cross-chain liquidity protocol. The resulting bitcoin has since been distributed across 9,117 individual wallets, each holding an average of 1.41 BTC.
The hackers, suspected to be part of the North Korean Lazarus Group, are utilizing Bitcoin mixers like Wasabi, CryptoMixer, and Railgun to obscure the origin of the funds. One of the key services, Wasabi, is known for using the CoinJoin technique, which mixes Bitcoin transactions for enhanced privacy and anonymity.
Zhou specifically pointed out that 193 BTC, valued at $16 million, were routed primarily through Wasabi before being redirected to various P2P vendors. P2P transactions are conducted directly between individuals, often through unregulated online platforms or informal networks, bypassing traditional intermediaries.
Zhou emphasized that the mixing process significantly complicates efforts to track the stolen funds, stating, “Decoding mixer transactions is the no. 1 challenge we face now.” Despite these challenges, Bybit’s latest data shows that 88.8% of the stolen funds remain traceable, while 7.6% have become untraceable, and 3.5% of the funds have been successfully frozen.
Lazarus Group’s Growing Bitcoin Holdings
Recent data from Arkham reveals that Lazarus, the North Korean hacker group believed to be behind the Bybit hack, now holds 13,400 BTC. A significant portion of these funds is traced back to the Bybit hack, further solidifying suspicions that the group is actively using the stolen funds to fuel its operations.
This ongoing situation underscores the increasing sophistication of crypto-related cybercrimes, particularly as attackers continue to use tools like mixers and P2P vendors to launder funds and evade detection. The rise of such activities presents a significant challenge for exchanges and law enforcement agencies tasked with tracing and recovering illicitly obtained assets.