Bybit reported that 89% of the $1.4 billion in stolen crypto remains trackable after the hack.
Bybit has paid out a total of $2.2 million to “bounty hunters” who track the Lazarus Group’s transactions tied to the stolen crypto.
Following the large-scale Bybit hack, investigators continue efforts to reclaim the stolen funds, with most of the assets still traceable.
Hackers breached Bybit on February 21, stealing over $1.4 billion in stETH, mETH, and various digital assets, making it the largest hack in crypto history.
Blockchain security firms like Arkham Intelligence have identified the Lazarus Group, a North Korean hacking collective, as the prime suspect in the Bybit attack, as they continue laundering the stolen assets.
Bybit’s CEO, Ben Zhou, reported that despite the Lazarus Group’s attempts to conceal the funds, investigators have managed to trace over 88% of the $1.4 billion in stolen crypto.
On March 20, the CEO posted on X:
“Total hacked funds of USD 1.4bn around 500k ETH. 88.87% remain traceable, 7.59% have gone dark, 3.54% have been frozen.”
He explained that hackers swapped 86.29% of the stolen assets, totaling 440,091 ETH (approximately $1.23 billion), for 12,836 BTC and distributed them across 9,117 wallets, each holding an average of 1.41 BTC. He further noted that the criminals laundered most of the funds using mixing services such as Wasabi, CryptoMixer, Railgun, and Tornado Cash.
This announcement from the CEO came roughly a month after the exchange suffered the breach.
Within a span of 10 days, the Lazarus Group laundered all the stolen Bybit funds through the decentralized cross-chain platform THORChain.
However, blockchain security experts remain optimistic that Bybit may successfully freeze and recover a fraction of the stolen assets.
The crypto industry needs more blockchain “bounty hunters“ and ethical hackers to combat the escalating cyber threats posed by North Korean actors. Late february, Bybit launched a bounty program to track and disrupt the Lazarus Group network
Bybit’s CEO pointed out that decrypting transaction activity within crypto mixers remains the biggest challenge in tracking these assets, adding:
“In the past 30 days, 5012 bounty reports were received of which 63 were valid bounty reports. We welcome more reports, we need more bounty hunters that can decode mixers as we need a lot of help there down the road.”
A website called LazarusBounty tracks Bybit’s bounty payments and states that the exchange has awarded upwards of $2.2 million to 12 bounty hunters for information that could lead to freezing the stolen funds.
As an incentive, the exchange promises whitehat hackers and investigators 10% of any successfully recovered funds.
According to analysts, the Bybit incident proves that even centralized exchanges with robust defenses remain vulnerable to highly sophisticated cyberattacks.
According to Trezor analyst Lucien Bourdon, “This incident is another stark reminder that even the strongest security measures can be undone by human error.”
Using a refined social engineering approach, the attackers manipulated signers into confirming a malicious transaction, which allowed them to extract funds from one of Bybit’s cold wallets, Bourdon detailed.
As the largest crypto exchange hack to date, the Bybit breach surpasses the $600 million Poly Network attack that occurred in August 2021 by more than double.
