Overview of the Bybit Hack Incident
In a significant update, Ben Zhou, the CEO of Bybit, announced that over 77% of the funds stolen during a record-breaking $1.4 billion hack on the cryptocurrency exchange are still traceable. This information was shared on X early Tuesday, as Zhou provided insights into the ongoing situation regarding the stolen assets.
Tracing the Stolen Funds
According to Zhou, the current week is pivotal for freezing the stolen funds, as they are likely to begin clearing at various exchanges, over-the-counter (OTC) markets, and peer-to-peer (P2P) platforms. The urgency stems from the hackers’ attempts to launder the funds and convert them into cash.
A staggering 417,348 ether (ETH), valued at around $1 billion, is still traceable on the blockchain. These funds have been moved using THORChain, a privacy-focused platform. However, 20% of the stolen assets, amounting to roughly 79,655 ETH or $200 million, have “gone dark” via ExCH, making them untraceable.
Distribution of Stolen Assets
Additionally, a smaller portion of the stolen funds—40,233 ETH, valued at $100 million—was funneled through OKX’s web3 proxy. Yet, 23,553 ETH, approximately worth $65 million, remains untraceable.
Zhou also revealed that hackers managed to convert 83% of the stolen ETH—equivalent to 361,255 ETH or $900 million—into Bitcoin (BTC). This conversion was distributed across an impressive 6,954 wallets, averaging 1.71 BTC per wallet, facilitated by THORChain.
THORChain’s Record Activity
In the week ending March 2, THORChain processed an astonishing $4.66 billion in swaps, setting a new record according to data from DefiLlama. This activity generated over $5.5 million in fees from the illicit flows associated with the hack.
Background on the Cyber Attack
The hacking incident, attributed to the notorious North Korean group Lazarus, occurred in late February. The attackers executed a sophisticated plan by injecting malicious code into SafeWallet, a third-party wallet platform utilized by Bybit. This breach allowed them to compromise a developer’s device, facilitating the manipulation of a routine wallet transfer, which ultimately led to the theft of nearly $1.5 billion in ETH.
Bybit’s Response and Recovery
In the wake of the attack, Bybit promptly reinstated a 1:1 backing of client assets just days after the incident, as previously reported by CoinDesk. Current address activity indicates that more than $400 million of the stolen funds were procured through over-the-counter trading, with an additional $300 million sourced directly from exchanges.
As the investigation continues, the focus remains on tracking the remaining untraceable assets and ensuring the security of user funds moving forward.
