On February 21, 2025, the cryptocurrency exchange Bybit experienced the largest crypto heist in history, with over $1.4 billion in liquid-staked Ether (stETH), Mantle Staked ETH (mETH), and other digital assets stolen. The incident was attributed to North Korea’s Lazarus Group, a notorious cybercrime organization known for its sophisticated hacking techniques. The group has been actively swapping the stolen funds in an attempt to make them untraceable.
Despite the Lazarus Group’s efforts, a significant portion of the stolen funds remains traceable. According to Ben Zhou, the co-founder and CEO of Bybit, approximately 88.87% of the $1.4 billion in stolen funds are still traceable. This means that only 7.59% have gone dark, and 3.54% have been frozen. The CEO’s update, posted on March 20, provided detailed insights into the distribution of the stolen funds. Out of the total hacked funds, 86.29% (440,091 ETH, approximately $1.23 billion) have been converted into 12,836 BTC across 9,117 wallets, with an average of 1.41 BTC per wallet. The funds were primarily funneled through Bitcoin (BTC) mixers, including Wasabi, CryptoMixer, Railgun, and Tornado Cash.
The Lazarus Group’s ability to launder 100% of the stolen Bybit funds through the decentralized cross-chain protocol THORChain within 10 days highlights the sophistication and speed of their operations. However, blockchain security experts remain hopeful that a portion of these funds can still be frozen and recovered by Bybit. The challenge lies in decoding transaction patterns through cryptocurrency mixers, which are designed to obscure the trail of funds.
In response to the hack, Bybit has taken proactive measures to combat the growing illicit activity from North Korean actors. The exchange has awarded over $2.2 million worth of funds to 12 bounty hunters for relevant information that may lead to the freezing of the funds. Bybit is offering 10% of the recovered funds as a bounty for white hat hackers and investigators. In the past 30 days, 5012 bounty reports were received, of which 63 were valid. The exchange continues to welcome more reports and emphasizes the need for more bounty hunters who can decode mixers.
The Bybit attack underscores that even centralized exchanges with strong security measures are vulnerable to sophisticated cyberattacks. Analysts have pointed out that the incident is a stark reminder that even the strongest security measures can be undone by human error. In this case, attackers used a sophisticated social engineering technique to deceive signers into approving a malicious transaction that drained crypto from one of Bybit's cold wallets. This incident is more than twice the size of the $600 million Poly Network hack in August 2021, making it the largest crypto exchange breach to date.