Nearly 70% of ByBit’s $1.4B Hack Is Still Traceable — Can They Get It Back?

Bybit’s February 2025 hack, linked to North Korea’s Lazarus Group, saw $1.4 billion in Ethereum stolen, with 68.6% still traceable despite laundering through mixers like Wasabi and platforms like THORChain, per CEO Ben Zhou.

Key Insights

  • February saw over $1.4 billion stolen from ByBit in a hack that has been linked to North Korea’s infamous Lazarus Group.

  • "68.6% of the stolen funds remain traceable," Zhou reported.

  • Overall, the attackers converted approximately $960 million worth of Ether into 10,003 Bitcoin before distributing them across more than 35,000 wallets. 

  • To improve its recovery efforts, ByBit launched the Lazarus Bounty program soon after the hack. 

Two months later, the largest crypto hack in history remains unresolved.

February saw over $1.4 billion stolen from ByBit in a hack that has been linked to North Korea’s infamous Lazarus Group.

Despite so much time having passed, Bybit’s CEO, Ben Zhou, remains optimistic. In a recent social media post, he has maintained that nearly 70% of the stolen funds are still traceable.

The $1.4 Billion Hack

The hack targeted ByBit's cold wallets and allowed the Lazarus Group attackers to steal more than a billion dollars in digital assets.

Investigations after the hack revealed that the attackers pulled off the hack through a compromised Safe{Wallet} developer environment.

This allowed them to quietly redirect such a large amount of crypto into their wallets.

Summary of the hacked funds | Source: Twitter

Zhou later confirmed in a 21 April update that the attackers had stolen around 500,000 ETH, worth around $1.4 billion at the time.

More importantly, a massive share of that amount (some 432,000 ETH) was immediately converted into Bitcoin via cross-chain protocols like THORChain.

This immediate swap helped to cover the tracks of the hackers… for a while, but not completely.

"68.6% of the stolen funds remain traceable," Zhou reported on Twitter (now X). "However, 27.6% has gone dark, and only 3.8% has been frozen."

How the Funds Were Laundered

According to Zhou, the attackers used several layers to cover their tracks.

The funds were first moved through a privacy-focused Bitcoin mixer called Wasabi.

After that, smaller portions of the larger amount were sent through other services like CryptoMixer, Tornado Cash, and Railgun.

The process didn’t stop there though.

Zhou went further to mention that the attackers used various cross-chain and swap protocols like eXch, Stargate, SunSwap, Lombard, and LI.FI to further launder these funds.

Eventually, these funds landed on more peer-to-peer (P2P) and over-the-counter (OTC) platforms, where tracing them became even more difficult.

Overall, the attackers converted approximately $960 million worth of Ether into 10,003 Bitcoin before distributing them across more than 35,000 wallets. 

As of the time of Zhou’s post, only about $17 million worth of Ether remains on the mainnet, across 12,490 wallets.

Bounty Hunters Step In

To improve its recovery efforts, ByBit launched the Lazarus Bounty program soon after the hack. 

The program offers a 10% reward — up to $140 million — for any credible information that could lead to finding and recovering the stolen funds.

The past 60 days have seen Bybit receive 5,443 bounty reports. 

However, only about 70 have been deemed legitimate, with just 12 leading to actual bounty payments. 

The Lazarus bounty program | Source: ByBit

To date, Bybit has paid out $2.3 million through the program, with the biggest contributor being Mantle (which helped freeze $42 million worth of stolen assets).

“We welcome more reports. We need more bounty hunters that can decode mixers,” Zhou emphasized in his post. “We need a lot of help there down the road.”

An interesting part of these developments so far has been the reaction of eXch Exchange, which was allegedly used to launder the stolen funds.

eXch announced that it was shutting down on 1 May, due to rising international pressure from investigators.

The exchange continues to maintain that it did not knowingly "help" with the Lazarus Group's (or any other entity's) illegal activities.

Overall

The ByBit hack stands as a reminder of how vulnerable the crypto space still is.

Despite losing $1.4 billion to one of the most notorious hacking groups in the world, ByBit continues to take measures to keep the funds within reach:

For now, at least.

The next steps will depend on more than mere speculation, as Zhou has rightly pointed out.

Disclaimer: Voice of Crypto aims to deliver accurate and up-to-date information, but it will not be responsible for any missing facts or inaccurate information. Cryptocurrencies are highly volatile financial assets, so research and make your own financial decisions.
