James Richardson
A staggering 27.59% of the cryptocurrency stolen in the historic $1.4 billion hack on Bybit has now become untraceable, according to an update shared by CEO Ben Zhou on X (formerly Twitter). This marks a significant increase in the volume of “dark” funds since his previous update on March 4, when 77% of the stolen assets were still being tracked.
In his most recent breakdown, Zhou noted that 68.57% of the assets remain traceable, while a mere 3.84% has been successfully frozen. The rest has vanished into cryptoโs murkiest corners.
According to Zhou, the missing funds were funneled through a complex network of mixers, cross-chain bridges, and peer-to-peer (P2P) platforms. Much of the laundering process began with Wasabi Wallet, a well-known Bitcoin mixer, before being routed through decentralized protocols like Tornado Cash, CryptoMixer, and Railgun.
The attackers further masked their trail using services such as THORChain, eXch, LiFi, Stargate, SunSwap, and Lombard, executing multiple swaps and cross-chain transfers before eventually converting the assets into fiat via OTC and P2P platforms.
So far, around $960.3 million worth of ETH has been moved into 35,772 unique wallets, ultimately being swapped for 10,003 BTC. Meanwhile, 1.17% of the stolen crypto remains on Ethereum, distributed across 12,490 wallets, Zhou added.
Biggest Centralized Exchange Hack Linked to Lazarus Group
The Feb. 21 breach on Bybit was reportedly executed by the Lazarus Group, a notorious North Korea-backed hacking collective. It remains the largest cyberattack on a centralized crypto exchange to date, resulting in the loss of approximately 400,000 ETH and another 113,000 ETH-based tokens.
Zhou stated that Lazarus used a targeted malware attack to exploit vulnerabilities, converting stolen assets into BTC before distributing them across various anonymizing tools and protocols.
Bounty Program Helps Recover Millions
In response, Bybit launched a bounty program encouraging blockchain sleuths to help track and freeze stolen funds. Over the past 60 days, 5,443 bounty reports were submitted โ with 70 confirmed as valid. So far, Bybit has paid out $2.3 million to 12 bounty hunters, with 10% of any recovered funds offered as a reward.
Privacy Platform eXch to Shut Down Amid Crackdown
Among the platforms used by the hackers was eXch, a privacy-centric trading service. The platform announced it would cease operations on May 1, citing pressure from a transatlantic investigation related to money laundering charges involving Lazarus.
Although eXch did not directly confirm that its services were used in the Bybit heist, the project criticized the broader industry’s shift away from privacy ideals due to โreckless behavior from certain players,โ indirectly referencing Bybit.
Chainflip Responds, THORChain Divided
Following the discovery that Bybit funds passed through Chainflip DEX, the protocol temporarily paused operations to implement an upgrade blocking malicious actors.
In contrast, THORChain, another cross-chain protocol widely used by Lazarus, chose not to implement user restrictions despite internal debate. This decision has reportedly caused internal conflict, even prompting some members to leave the project.
