Bybit suffered one of the largest crypto heists in history, with hackers stealing nearly $1.4 billion in customer assets. While the attack was devastating, CEO Ben Zhou confirmed that 77% of the stolen funds remain traceable. However, according to CoinDesk, around 20%—roughly $200 million—has already “gone dark” through privacy-focused transactions. This has made recovery significantly harder.
Hackers Convert Funds and Spread across Thousands of Wallets
The attackers wasted no time laundering the funds. Zhou revealed that 83% of the stolen Ethereum (ETH-USD)—equivalent to $900 million—was converted into Bitcoin and distributed across 6,954 wallets, averaging 1.71 BTC per wallet. Much of this movement happened through THORChain, a decentralized network known for its anonymity. DefiLlama data shows THORChain processed $4.66 billion in swaps last week, earning over $5.5 million in fees from illicit flows.
North Korean Lazarus Group Behind the Attack
The infamous North Korean hacking group Lazarus was behind the attack, breaching Bybit through a third-party wallet platform called SafeWallet. By compromising a developer’s device, they manipulated a routine wallet transfer, siphoning billions from unsuspecting users.
Despite the scale of the attack, Bybit swiftly restored its 1:1 client asset backing. However, with funds still circulating, the next few days will be important to see how well stakeholders can track and freeze stolen assets.
Investors should watch how these measures impact market confidence and the prices of their favorite cryptocurrencies on TipRanks.
