The Bybit hack on February 21st has been described as the biggest crypto breach in history. According to the authorities’ final analysis, the popular crypto exchange lost over $1.4 billion in digital assets, primarily Ether.
Hours after the hack, it was revealed that North Korea’s Lazarus Group was the mastermind behind the heist. Multiple reports disclosed that the crypto exchange had ignored some security flaws months before the incident, allowing the group to compromise the cold wallet.
In the latest twist to the hacking saga, Bybit’s Ben Zhou shared that around 88.87% of the stolen funds are still traceable. Zhou unveiled these developments through his Twitter/X account, stating that 3.54% of the funds are frozen, and 7.59% of the stolen assets have seeped into the dark web and are no longer traceable.
3.20.25 Executive Summary on Hacked Funds:
Hacker started to use mixers: 1. Wasabi 2. CryptoMixer 3. Railgun 4. TornadoCash
Total hacked funds of USD 1.4bn around 500k ETH. 88.87% remain traceable, 7.59% have gone dark, 3.54% have been frozen.
Breakdown: – 86.29% (440,091 ETH,…— Ben Zhou (@benbybit) March 20, 2025
Lazarus Group Used Mixers To Hide Funds
In a Twitter/X post on March 20th, Zhou shared the results of the company’s internal investigations into the hacking incident. According to Zhou, the hackers utilized several Bitcoin mixers, including CryptoMixer, Railgun, Wasabi, and TornadoCash. Of the $1.4 billion in stolen funds, around 88.87% are still traceable, 7.59% are now lost, and 3.54% remain frozen.
Zhou provided a detailed status of the stolen funds, revealing that 82.29%, or 440,091 Ether worth around $1.23 billion, have been converted into 12,835 Bitcoins distributed across 9,117 crypto wallets.
Zhou Asks For Help In Tracing Missing Funds
In the same Twitter/X post, Zhou shared that around 193 Bitcoins were transferred to the Wasabi Mixer. Following this transfer, the stolen funds were distributed to various P2P vendors. Zhou believes this trend will persist as more stolen funds enter mixers, ultimately complicating efforts to trace them.
The Bybit CEO expressed that deciphering mixer transactions poses a significant challenge for the company and has called on the public for assistance in this endeavor. Over the past month, the exchange received 5,012 bounty reports, with 63 proving to be valid. Zhou reiterated the need for more bounty hunters to unravel the complexities of the hacking incident.
Bybit Acknowledges Risks But Ignored Warning Signs
In an interview, the Bybit CEO admitted that the company had received warnings regarding security vulnerabilities months prior to the breach. Zhou stated that they recognized the incompatibility of their Safe with the exchange’s security framework roughly three or four months before the hack.
The CEO acknowledged that they could have taken measures to replace the Safe, a consideration currently under review. In defense, Safe’s chief product officer, Rahul Rumalla, emphasized that additional security features have been implemented, insisting that their responsibility lies not only in resolving current issues but also in preventing future breaches.