Bybit CEO: Two-thirds of Lazarus-hacked funds remain traceable
In a recent executive summary posted on X, Bybit co-founder and CEO Ben Zhou revealed that more than two-thirds of the digital assets stolen from the platform in February by North Korea's Lazarus Group still remain traceable. The theft, which was the largest crypto exchange hack to date, saw hackers exploit vulnerabilities in Bybit's cold wallet infrastructure, resulting in a staggering $1.4 billion loss.
The good news for Bybit and its investors is that 68.6% of the total stolen funds "remain traceable," according to Zhou. This means that investigators still have a significant amount of work to do to track down the remaining 31.4% that has "gone dark" or been laundered through various mixers, bridges, and peer-to-peer and over-the-counter platforms.
"Recently, we have observed that the mixer mainly used by the DPRK [Democratic People's Republic of Korea] is Wasabi," Zhou stated. He also noted that following the Wasabi washing of BTC, "a small portion of it entered CryptoMixer, Tornado Cash, and Railgun." This suggests that the hackers were using a combination of mixers to obscure the origin of the stolen funds.
According to Zhou, 944 Bitcoin (BTC) worth around $90 million went through the Wasabi mixer. The loot then underwent multiple cross-chain and swap services via platforms such as THORChain, eXch, Lombard, LI.FI, Stargate, and SunSwap before eventually entering P2P and OTC services.
Additionally, around 432,748 Ether (ETH), worth roughly $1.21 billion, was transferred from Ethereum to Bitcoin via THORChain. Approximately two-thirds of this amount — around $960 million worth of Ether — has been converted into 10,003 BTC across 35,772 wallets.
However, not all of the stolen funds remain untraceable. Around $17 million worth of Ether remains on the Ethereum blockchain across 12,490 wallets, according to Zhou.
Bounty Hunters Step Up
Bybit has launched a bounty program offering a total of $140 million in rewards for information leading to funds being frozen. To date, it has paid out $2.3 million to 12 bounty hunters. Most of this went to one entity, the Mantle layer-2 platform, whose efforts resulted in $42 million worth of frozen funds.
"We welcome more reports, we need more bounty hunters that can decode mixers, as we need a lot of help there down the road," Zhou said. The Bybit CEO acknowledged that the task of tracking down the remaining untraceable funds will require significant effort and collaboration with the crypto community.
A New Lead Emerges
On April 17, the eXch crypto exchange announced it would cease operations on May 1 after reports alleged the firm was used to launder funds from the Bybit hack. This development raises hopes that more information may be forthcoming about the hackers' methods and ultimately lead to a breakthrough in tracking down the remaining stolen funds.
The recent revelations about the Lazarus Group's hacking methods and their use of various mixers and services highlight the ongoing cat-and-mouse game between crypto exchanges, investigators, and cybercriminals. As Bybit CEO Ben Zhou noted, "we need more bounty hunters that can decode mixers," a message that resonates with the entire crypto community.