Bybit CEO Ben Zhou has confirmed that $280 million of the $1.4 billion stolen from the exchange has been laundered and is no longer traceable. However, approximately $1.07 billion remains trackable, providing investigators with a chance to recover a significant portion of the stolen funds.
Bybit Tracking the Stolen Funds
On March 4, Zhou provided an update on the movement of the 500,000 Ether (ETH) stolen in the February hack and the ongoing efforts to prevent the attackers from cashing out. He shared the latest breakdown of the stolen assets:
- 77% ($1.07B) remains trackable
- 20% ($280M) has “gone dark” – mixed, laundered, or moved to obfuscation platforms
- 3% ($42M) has been frozen
The phrase “gone dark” suggests that the funds have been effectively laundered, likely by the North Korean hackers responsible for the attack. Investigators have already managed to freeze $42 million of the stolen assets.
The attackers have converted roughly $1 billion of the stolen funds—equivalent to 417,348 ETH—into Bitcoin. These funds have been dispersed across 6,954 wallets, with each wallet holding an average of 1.71 BTC. This fragmentation makes tracking and recovering the funds increasingly difficult.
Zhou emphasized that the next one to two weeks will be crucial for freezing additional funds before the hackers attempt to cash out. The attackers may try to use crypto exchanges, over-the-counter (OTC) platforms, and peer-to-peer (P2P) transactions to liquidate their holdings.
THORChain, ExCH, and OKX Used to Launder Funds
According to Zhou, the hackers primarily used the decentralized exchange THORChain to cash out both ETH and BTC. They also leveraged platforms like ExCH and OKX Web3 Proxy to move portions of the stolen assets. Zhou noted that $65 million worth of ETH could still be recovered, but this would require assistance from the OKX Wallet team.
To aid in the investigation, Bybit has engaged security experts and blockchain forensic firms. Eleven bounty hunters have been rewarded a total of $2.1 million for their contributions in freezing the stolen funds.
On February 25, blockchain analytics firm Elliptic identified over 11,000 wallets linked to the Bybit hackers. The same day, Bybit enlisted Web3 security firm ZeroShadow to conduct blockchain forensic analysis, track the stolen funds, and maximize recovery efforts.
