Bybit CEO Confirms $280M of Stolen Funds is No Longer Traceable

In a stunning update, Bybit CEO Ben Zhou has revealed that $280 million of the $1.4 billion stolen from the cryptocurrency exchange in February's hack has vanished into untraceable channels. This development comes as investigators race against time to freeze the assets before the hackers fully cash out.

Executive Summary on Hacked Funds

Total hacked funds of USD 1.4bn around 500k ETH, 77% are still traceable, 20% has gone dark, 3% have been frozen.

The breakdown is as follows:

  • - 83% (417,348 ETH, ~$1B) have been converted into BTC with 6,954 wallets (Average 1.71 btc each)
  • - 72% of the haul, or 361,255 ETH worth $900 million, was funneled through THORChain, a decentralized exchange known for its privacy features.
  • - 20% of the stolen assets—approximately 79,655 ETH—have “gone dark,” meaning they’ve been laundered through platforms like ExCH and rendered untraceable.
  • - An additional 40,233 ETH, worth $100 million, passed through OKX’s Web3 Proxy. Of this, 23,553 ETH ($65 million) remains untraceable without further cooperation from the OKX Wallet team, while 16,680 ETH is still within reach of investigators.

The CEO stressed that the next one to two weeks are pivotal as the hackers prepare to offload their haul via exchanges, over-the-counter (OTC) trading desks, and peer-to-peer (P2P) networks.

Bybit's Efforts to Recover Stolen Funds

Bybit has enlisted the help of bounty hunters and security firms in a bid to thwart the hackers. Zhou reported that 11 parties—including prominent players like Mantle, Paraswap, and blockchain sleuth ZachXBT—have assisted in freezing $42 million, or 3% of the stolen funds.

So far, Bybit has paid out $2.178 million in USDT to these contributors as part of its recovery efforts, with more details available at Lazarusbounty.com. The exchange also partnered with Web3 security firm ZeroShadow on February 25 to enhance its blockchain forensics and maximize asset recovery.

Challenges Ahead

Despite Bybit's efforts, the hackers show no signs of slowing down. Blockchain analytics firm Elliptic has identified over 11,000 wallets linked to the Lazarus group, suggesting a sprawling network designed to obscure their tracks.

Elliptic has also launched a free data feed of illicit addresses linked to the Bybit exploit, aiming to minimize exposure to sanctions and stop laundering of stolen funds. The exchange can access this data via CSV or API.

Conclusion

The situation is dire for Bybit and its users. With $280 million of the stolen funds now untraceable, it remains to be seen whether investigators will be able to recover the remaining assets before they are fully cashed out. As the clock ticks down, one thing is certain: the next few weeks will be critical in determining the fate of Bybit's hacked funds.