Bybit’s CEO, Ben Zhou, recently updated the community on the status of the ongoing efforts to trace and freeze the funds stolen in the record hack on the crypto exchange.

“This and the coming week is critical for fund freezing as the funds will start to clear at exchanges, OTC, and p2p,” Zhou said, referring to the hackers’ efforts to launder the money and convert it to cash.

Breakdown of the Stolen Funds

According to Zhou, 417,348 ETH (approximately $1 billion) remain traceable on the blockchain after being moved using privacy-focused THORChain. Another 20% of the funds, roughly 79,655 ETH or $200 million, have “gone dark” through ExCH.

A smaller portion, 40,233 ETH or $100 million, had passed through OKX’s web3 proxy, but 23,553 ETH, worth $65 million, remain untraceable.

How the Hackers Laundered the Funds

Zhou revealed that the hackers converted 83% of the stolen ETH – 361,255 ETH; or $900 million – into BTC, distributing it across 6,954 wallets, with an average of 1.71 BTC per wallet using THORChain.

THORChain has processed $4.66 billion in swaps in the week ending March 2, the highest tally on record, according to data source DefiLlama – making it over $5.5 million in fees from the illicit flows.

The Lazarus Group’s Role in the Hack

The North Korean hacking group Lazarus targeted Bybit in late February by injecting malicious code into SafeWallet, a third-party wallet platform used by the exchange, to steal billions in customer assets from the exchange.

The attackers compromised a developer’s device, enabling them to manipulate a routine wallet transfer and siphon off nearly $1.5 billion in ETH.

Response to the Hack

Bybit fully returned to a 1:1 backing of client assets days after the attack, as previously reported. Address activity suggests more than $400 million were purchased through over-the-counter trading, with another $300 million brought directly from exchanges.

Conclusion

The Bybit hack has been a significant blow to the crypto community, with 20% of the stolen funds remaining untraceable. However, the efforts to freeze and recover the remaining funds are ongoing, and the community is being updated regularly on the progress.

FAQs

What is the current status of the stolen funds? As of now, 77% of the stolen funds remain traceable, while 20% have “gone dark” and are untraceable.

How did the hackers launder the funds? The hackers converted 83% of the stolen ETH into BTC, distributing it across 6,954 wallets using THORChain.

What is the role of the Lazarus Group in the hack? The North Korean hacking group Lazarus targeted Bybit in late February, injecting malicious code into SafeWallet to steal billions in customer assets.

What was the response to the hack? Bybit fully returned to a 1:1 backing of client assets days after the attack, and the community is being updated regularly on the progress of the ongoing efforts to freeze and recover the remaining funds.