Bybit CEO: Two-Thirds of Funds From $1.4B Lazarus Group Hack Nonetheless Traceable – Decrypt

In short
Over two-thirds of the crypto stolen within the Bybit hack stays traceable, the agency's CEO mentioned.
27.59% of the stolen funds has “gone darkish.”
The $1.4 billion hack by North Korea's Lazarus Group was the largest in crypto historical past.
Over two-thirds of the $1.4 billion stolen within the largest crypto hack thus far, the Bybit breach, stays traceable, regardless of hackers utilizing an array of blending companies to cowl their tracks, in keeping with a brand new replace from the alternate’s CEO.In an govt abstract tweeted Monday, Bybit CEO Ben Zhou broke down the circulate of roughly 500,000 ETH stolen in February, revealing that 68.57% of the funds stay traceable, 27.59% have “gone darkish”, and three.84% have been frozen with the assistance of exchanges.
4.21.25 Government Abstract on Hacked Funds:Whole hacked funds of USD 1.4bn round 500k ETH. 68.57% stay traceable, 27.59% have gone darkish, 3.84% have been frozen. The untraceable funds primarily flowed into mixers then via bridges to P2P and OTC platforms. Just lately, we have now…
— Ben Zhou (@benbybit) April 21, 2025The newest report reveals how North Korea’s Lazarus Group, a hacking collective the FBI has formally linked to the theft, has tried to obscure its cash path because the hack.The group primarily used coin mixers like Wasabi mixer earlier than funneling funds via CryptoMixer, Twister Money, Railgun, and a slew of cross-chain platforms like Thorchain and Stargate, the CEO mentioned.Zhou mentioned a big portion of the stolen ETH, about 432,748 ETH, or 84.45%, was transformed into Bitcoin utilizing Thorchain, with 67.25% distributed throughout over 35,000 wallets.5,991 ETH, or about $16.77 million, stays on the Ethereum blockchain as we speak, scattered throughout 12,490 wallets with a median of 0.48 ETH every.On the Bitcoin aspect, 944 BTC, valued at $90.6 million, has been funneled via Wasabi Mixer alone.Zhou additionally confirmed that 531 BTC, equal to round 18,206 ETH or 3.57% of the stolen belongings, has since been bridged again to Ethereum through Thorchain.Most of the belongings finally landed on OTC desks and peer-to-peer fiat exchanges, Zhou added.Bybit’s Lazarus Bounty program, launched shortly after the hack, has obtained 5,443 reviews prior to now 60 days, of which 70 have been validated as official ideas, in keeping with Zhou.The alternate “welcome extra reviews,” Zhou mentioned, and that they might “want a whole lot of assist there down the street” from bounty hunters.Within the preliminary govt abstract launched final month, Zhou raised issues that Lazarus had already funneled 193 BTC via Wasabi on the time, and famous the stolen ETH was being laundered via a number of layers to make restoration harder.The Bybit CEO warned that mixer exercise would seemingly intensify, including that, “the pattern will develop” as extra funds try and exit the blockchain.Bybit has not instantly responded to Decrypt’s request for remark.In the meantime, eXch, a privacy-focused crypto alternate that had beforehand denied laundering allegations associated to the hack, introduced Thursday that it's going to shut down operations on Might 1.The closure follows allegations that eXch facilitated laundering efforts by North Korea’s Lazarus Group; in an e mail to Decrypt, the alternate acknowledged that it had processed “vastly a minor half” of the stolen Ethereum laundered via “a number of centralized and decentralized companies.”Each day Debrief NewsletterStart daily with the highest information tales proper now, plus unique options, a podcast, movies and extra.