David Edwards
The vast majority of the $1.4 billion stolen from Bybit in a record-breaking February 21 cyberattack remains traceable, despite efforts by hackers to obscure their tracks, according to blockchain investigators.
Largest Crypto Hack in History
The Bybit breach is now the largest hack in crypto history, surpassing even the $600 million Poly Network exploit of 2021. The attackers targeted Bybit’s holdings of liquid-staked Ether (stETH), Mantle Staked ETH (mETH), and other digital assets.
Blockchain security firms, including Arkham Intelligence, have identified North Korea’s Lazarus Group as the likely perpetrators. The group has attempted to launder the stolen funds through various cryptocurrency mixers to evade detection.
Nearly 89% of Stolen Funds Still Trackable
Despite the attackers’ sophisticated laundering techniques, 88.87% of the stolen assets remain traceable, while 7.59% have gone dark and 3.54% have been frozen, according to Bybit co-founder and CEO Ben Zhou.
In a March 20 post on X (formerly Twitter), Zhou revealed that the hackers converted 86.29% of the funds—equivalent to 440,091 ETH (~$1.23 billion)—into 12,836 BTC, which were then dispersed across 9,117 wallets.
Lazarus Group Used Crypto Mixers to Launder Funds
The stolen funds were primarily funneled through Bitcoin mixers, including Wasabi, CryptoMixer, Railgun, and Tornado Cash, to obfuscate transaction trails. The Lazarus Group managed to launder a significant portion of the assets via THORChain, a decentralized cross-chain protocol, within 10 days of the breach, according to a March 4 report by Cointelegraph.
Bybit Offers $2.2M in Bounties for Information
As part of its efforts to recover the stolen funds, Bybit has paid $2.2 million to 12 bounty hunters who provided relevant intelligence. The exchange has also launched the LazarusBounty program, offering 10% of recovered assets as an incentive for ethical hackers and blockchain investigators.
Bybit’s bounty initiative has attracted significant participation, with over 5,012 reports submitted in the past 30 days—though only 63 were deemed valid.
“We need more bounty hunters that can decode mixers. We need a lot of help there down the road,” Zhou emphasized.
Crypto Industry Calls for Stronger Security Measures
The Bybit hack highlights the growing threat posed by state-sponsored cybercriminals and the vulnerabilities of even centralized exchanges with robust security measures.
Lucien Bourdon, an analyst at Trezor, stated that the attack was facilitated through sophisticated social engineering, which tricked Bybit’s cold wallet signers into approving a malicious transaction.
Implications for the Crypto Market
The aftermath of the Bybit breach has reignited discussions about the need for enhanced cybersecurity, improved tracking technologies, and stronger regulatory frameworks to combat illicit financial activities in the crypto space.
As the hunt for the stolen funds continues, blockchain security experts remain cautiously optimistic about recovering a portion of the assets before they are fully laundered.
