Crypto’s largest theft, the $1.4 billion Bybit hack, has left blockchain sleuths racing against time. Lazarus Group, a North Korean cybercrime group, exploited a third-party wallet vulnerability, draining Ethereum using malware.
While blockchain analytics firms estimate that 88% of the stolen funds remain traceable, mixers and cross-chain swaps have made recovery a complex, high-stakes chase. Bybit’s CEO, Ben Zhou, revealed the hack on Twitter, pointing to a Lazarus Group bounty campaign to crowdsource leads.
The Bybit breach on February 21, 2025, leveraged cold wallet vulnerabilities via social engineering. Hackers misled employees into signing illicit transactions, rerouting 401,000 ETH (~$1.4B) via a rogue contract. Blockchain detective ZachXBT attributed the assault to North Korea’s Lazarus Group, citing similarities to earlier crypto heists.
Lazarus introduced malicious JavaScript into Bybit’s wallet system, disguising the transfers as ordinary ones. Funds were laundered through intermediate wallets and converted into Bitcoin and stablecoins, consistent with the group’s history of laundering billions via decentralized exchanges.
Bybit and Stolen Funds
The stolen Bybit funds were promptly laundered using innovative procedures. Initially, 86% of the stolen ETH, approximately 440,091 ETH, was exchanged into 12,836 BTC via decentralized exchanges like THORChain to bypass freezing mechanisms. The hackers then spread these funds over 9,117 wallets, each holding an average of 1.41 BTC.
Notably, 193 BTC ($16M) was sent via Wasabi Wallet, a mixer infamous for anonymizing transactions. It was then directed to peer-to-peer merchants for further obfuscation.
Mixers and cross-chain swaps have proven essential in impeding recovery attempts. Platforms like eXch permitted anonymous ETH-to-BTC transfers, processing hundreds of millions in stolen assets despite Bybit’s demands to halt suspicious activity. Bybit CEO Ben Zhou has described deciphering mixer transactions as the “biggest challenge,” with just 63 out of 5,012 submitted reward reports deemed actionable so far.
Industry’s Fight Back
Exchanges like Binance and OKX banned Lazarus-linked wallets, freezing $43.7M (3.54%) of stolen assets. Bybit’s Lazarus Bounty Program awarded $2.2M to 11 bounty hunters who deciphered mixer patterns. CEO Ben Zhou said 88.87% of $1.4B remains traceable; however, 7.59% “went dark” via mixers like Wasabi.
Bybit handled over 350,000 withdrawals within 12 hours, rebuilding reserves via emergency loans. Its 1:1 reserve guarantee prevented mass departures. Lazarus’ cross-chain swaps and mixers still complicate recovery, prompting Zhou to encourage additional “bounty hunters” to trace the laundering trail.