The challenge of tracking illicit digital assets intensifies as details emerge about one of the largest crypto heists. Bybit CEO Ben Zhou confirmed that nearly 28% of the $1.5 billion stolen in the March Bybit hack has vanished beyond traceability.
In a recent update, Zhou outlined the status of the approximately 500,000 ETH ($1.5 billion) pilfered during the attack. While a significant 68.6% remains traceable and 3.8% has been successfully frozen, a concerning 27.6% has disappeared after being processed through sophisticated laundering techniques involving crypto mixers and cross-chain bridges.
[Ben Zhou’s X Post Summary on Hacked Funds]
The untraceable funds were deliberately obscured, initially funneled through mixers like Wasabi – reportedly a tool used by North Korea’s Lazarus Group. Subsequently, the assets moved across various blockchain platforms including Thorchain, eXch, Stargate, and SunSwap before ultimately landing in Over-The-Counter (OTC) or Peer-to-Peer (P2P) services, converting them to fiat currency and making recovery exceptionally difficult.
The investigation revealed a massive conversion operation: approximately 432,000 ETH, constituting 84.5% of the stolen Ethereum, was swapped for Bitcoin (BTC) primarily using the THORChain network. These converted funds were then dispersed across an estimated 35,000 different Bitcoin wallets, leaving only about 6,000 ETH (1.17%) on the Ethereum blockchain.
The sophisticated attack is attributed to the Lazarus Group, a state-sponsored cybercrime organization known for targeting cryptocurrency platforms. Investigators believe the group gained access by compromising a Safe{Wallet} developer system, injecting malicious code into Bybit’s signer interface to reroute transactions deceptively.
Bybit responded swiftly by freezing accessible assets, collaborating with blockchain investigators, and initiating a 10% bounty program for information leading to fund recovery. The exchange maintains it has remained solvent, processing nearly all withdrawal requests despite the massive theft.
Zhou emphasized the need for community assistance, particularly from bounty hunters skilled in piercing the veil of crypto mixers. The incident underscores the persistent security challenges within the DeFi space and the need for robust DeFi security best practices. The investigation has already had consequences for associated platforms: the privacy-focused exchange eXch announced its closure effective May 1, citing pressures from the ongoing international investigation while denying intentional involvement in the laundering process.