Bybit Reports 89% of Stolen $1.4B Crypto Still Traceable After Hack

Quick Summary

Nearly a month after the largest crypto hack in history, Bybit CEO Ben Zhou reports that approximately 89% of the stolen $1.4 billion remains traceable. Blockchain investigators continue efforts to freeze and recover the funds, believed to have been stolen by North Korea’s Lazarus Group.

Key Points

• Bybit lost over $1.4 billion in crypto assets, including liquid-staked Ether (stETH) and Mantle Staked ETH (mETH), in a cyberattack on February 21.
• Blockchain security firms identified North Korea’s Lazarus Group as the likely attacker.
• CEO Ben Zhou stated that 88.87% of the stolen funds remain traceable, 7.59% have gone dark, and 3.54% have been frozen.
• Approximately 86.29% (440,091 ETH, ~$1.23 billion) of the stolen funds were converted into Bitcoin (BTC) and distributed across 9,117 wallets.
• The attackers primarily used crypto mixers such as Wasabi, CryptoMixer, Railgun, and Tornado Cash to obscure transaction trails.

Bybit Offers Bounties to Recover Funds

Bybit has paid over $2.2 million to 12 bounty hunters who provided valuable information leading to the freezing of stolen funds. The exchange is offering a bounty of 10% of recovered funds to incentivize white hat hackers and blockchain investigators.

Challenges and Industry Response

Decoding transaction patterns through cryptocurrency mixers remains the biggest challenge in tracing stolen funds. Bybit CEO Ben Zhou emphasized the need for more blockchain “bounty hunters” and ethical hackers to combat illicit activities:

“In the past 30 days, 5012 bounty reports were received, of which 63 were valid bounty reports. We welcome more reports; we need more bounty hunters that can decode mixers as we need a lot of help there down the road.”

Security Implications for Crypto Exchanges

The Bybit hack highlights vulnerabilities even in centralized exchanges with robust security measures. Analysts noted that the attackers employed sophisticated social engineering techniques, tricking signers into approving malicious transactions from Bybit’s cold wallets.

This incident surpasses the previous largest crypto hack—the $600 million Poly Network breach in August 2021—making it the largest crypto exchange breach to date.