- Two months after the Bybit hack, more than $380 million of the stolen funds have gone dark on the mainnet and have now been rendered untraceable.
- Forensics show that around 432,748 ETH (or about 84.5% of the stolen funds) were instantly swapped into Bitcoin using the THORChain cross-chain bridge.
- 27.6% (around $386 million) has disappeared into the shadows of the crypto space.
In what has become the largest single hack in crypto history, North Korea’s notorious Lazarus group made off with a staggering $1.4 billion worth of crypto in a targeted hack on Bybit in February. Two months after the hack, more than $380 million of these stolen funds have gone dark on the mainnet and have now been rendered untraceable.
On the other hand, hope still lives: an encouraging 70% of the total stolen funds remains traceable. Bybit CEO Ben Zhou continues to hold on to hope, and here’s an executive summary of the hack so far.
The Breakdown of the Heist
Bybit CEO Ben Zhou took to Twitter sometime this week to present an executive summary of the hack. According to the CEO, February saw the attackers make off with as much as 500,000 ETH from one of the platform’s cold wallets. Zhou reports that the group took control of the wallet and transferred the funds to an unidentified address.
As of now, around 68.6% of the stolen funds (or around $960 million) is still traceable, while 27.6% (around $386 million) has disappeared into the shadows of the crypto space. In addition, 3.8% of these funds (or around $53 million) have been successfully frozen.
According to Zhou’s account of the incident, the Lazarus Group used complex tactics to cover their tracks. The attackers reportedly pushed the assets through several mixers, cross-chain bridges, and DeFi swap services.
One of the biggest they used was Wasabi, a well-known Bitcoin mixer. Other tools used to launder the funds include the popular Tornado Cash, Railgun, and CryptoMixer. Eventually, much of the stolen crypto ended up on peer-to-peer (P2P) and over-the-counter (OTC) platforms, where it has been sold off into the void.
From Ether to Bitcoin
The Lazarus group didn’t just sit on the Ether after stealing it, according to Zhou.
Forensics show that around 432,748 ETH (or about 84.5% of the stolen funds) were instantly swapped into Bitcoin using the THORChain cross-chain bridge. Around 67.2% of the stash (or around 342,975 ETH, worth roughly $960 million) was converted into 10,003 BTC. These funds were then scattered across 35,772 separate wallets, which has made recovery efforts even more difficult.
Meanwhile, a smaller fraction of the ETH (or around 5,991 ETH worth $17 million) is still on the Ethereum mainnet and is scattered across 12,490 wallets. In response to the hack, Bybit launched a Lazarus Bounty program in February, which offered $140 million in total rewards for any credible information that could lead to recovering the stolen funds. So far, the program has received 5,443 reports, but only 70 have been verified as valid.
Bybit itself has paid out $2.3 million in bounties so far, especially to Mantle, whose efforts directly led to $42 million being frozen. Even so, Zhou maintains that the exchange needs more skilled contributors. “We need more bounty hunters who can decode mixers,” he urged.
So far, the Lazarus group continues to expand its efforts, and the crypto industry must do the same. The bounty program remains open, and Zhou continues to urge security researchers and white-hat hackers to get involved. “We need a lot of help there down the road,” he said, showing that even the biggest firms can fall victim to this growing threat.