$280M Gone, $1.07B in Play: Inside the Bybit Hack Investigation
Bybit CEO Ben Zhou has confirmed that $280 million of the $1.4 billion stolen from the cryptocurrency exchange has been laundered and is no longer recoverable.
However, $1.07 billion remains traceable, providing investigators with a critical window to recover the funds before they are further dispersed.
Breakdown of the Bybit Hack
During the February Bybit hack, cybercriminals stole 500,000 Ether (ETH) from the platform. In a March 4 update, Zhou revealed that 77% of the stolen funds remain traceable, while 20% ($280 million) has been successfully laundered, complicating recovery efforts. Meanwhile, investigators have managed to freeze $42 million, or approximately 3% of the stolen assets.
3.4.25 Executive Summary on Hacked Funds:
Total hacked funds of USD 1.4bn around 500k ETH, 77% are still traceable, 20% has gone dark, 3% have been frozen.
Breakdown:
– 83% (417,348 ETH, ~$1B) have been converted into BTC with 6,954 wallets (Average 1.71 btc each). This and…
— Ben Zhou (@benbybit) March 4, 2025
The laundering process has involved advanced techniques such as transaction-masking platforms and crypto-mixing services, which obscure transaction trails. Zhou suggested that North Korean hackers were behind the attack, citing these sophisticated tactics.
How Hackers Are Moving the Stolen Funds
The stolen assets have been funneled through an intricate laundering scheme. Over $1 billion (417,348 ETH) was converted into Bitcoin (BTC) and distributed across 6,954 cryptocurrency wallets. The wallets hold an average of 1.71 BTC each, which makes detection and freezing efforts more complex. The hackers have been using decentralized exchanges (DEXs) such as THORChain, along with platforms like eXch and OKX Web3 Proxy, to move and cash out the funds.
According to data from DeFi analytics provider DefiLlama, THORChain processed a record $4.66 billion in swaps in the week ending March 2, generating over $5.5 million in revenue from these transactions—some of which may be linked to the Bybit hack.
Efforts to Recover the Stolen Funds
With hackers attempting to cash out through peer-to-peer (P2P) transactions, over-the-counter (OTC) platforms, and centralized exchanges, the next few weeks will be crucial for authorities looking to freeze additional funds.
So far, $42 million of the stolen assets has been frozen. To bolster recovery efforts, Bybit has partnered with Web3 security firm ZeroShadow, which specializes in asset tracing and blockchain forensics. The company has been tasked with tracking the stolen funds and preventing further losses.
Bounty hunters have also played a role in asset recovery, receiving a total of $2.1 million in rewards for helping trace and freeze illicit transactions. Additionally, Zhou noted that approximately $65 million in stolen Ethereum could still be recovered, but this will require collaboration with the OKX Wallet team.
Blockchain analytics firm Elliptic has identified more than 11,000 wallets linked to the Bybit hackers, highlighting the vast scale of the attack.
Thx to the @elliptic team for putting up a real time bybit exploit data, really appreciate the effort and work put into helping us. https://t.co/bmFZJ0Hn3y
— Ben Zhou (@benbybit) February 26, 2025

