Cryptocurrency exchange Bybit continues to deal with the aftermath of its massive security breach as hackers begin laundering portions of the stolen funds.
Recent analysis shows the attackers have converted 89,500 ETH (worth approximately $224 million) to other cryptocurrencies over just 2.5 days.
This laundering activity represents only 18% of the total 499,000 ETH stolen during the February 21 breach, which stands as the largest cryptocurrency theft in history.
Industry experts are closely monitoring the hackers’ movements as they attempt to convert the stolen assets while evading detection.
Blockchain analyst EmberCN has tracked the laundering operations and notes that at the current pace, attackers would need approximately two more weeks to convert all remaining 410,000 ETH into alternative assets such as Bitcoin and DAI.
Hackers Use THORChain for Cross-Chain Swaps
The Bybit hackers have established a clear pattern in their laundering strategy, relying primarily on THORChain for cross-chain transfers.
This decentralized liquidity protocol allows users to swap tokens across different blockchain networks without traditional intermediaries.
By using THORChain, the attackers can move stolen ETH to multiple blockchain ecosystems simultaneously.
This method aligns with tactics previously observed in attacks attributed to North Korean state-sponsored hacking groups.
The laundering process follows a multi-stage approach, including initial fund dispersion through several intermediary wallets, conversion to various cryptocurrencies, and strategic dormancy periods designed to outlast heightened scrutiny from blockchain analysis firms.
Chainalysis, which is assisting in the investigation, has identified similarities between the Bybit attack and previous North Korean hacking operations.
Bybit Acquires Replacement ETH Through OTC Markets
While hackers work to liquidate their stolen funds, Bybit has taken swift action to restore its operational reserves.
Data from blockchain analytics firm Lookonchain reveals that Bybit has purchased 212,101 ETH (valued at approximately $574 million) through over-the-counter (OTC) markets in just three days.
The most recent acquisition occurred just hours ago when Bybit obtained another 36,893 ETH ($87.5 million).
These large purchases allow the exchange to maintain liquidity and fulfill its promise to cover customer losses from the breach.
OTC transactions allow Bybit to acquire large volumes of cryptocurrency without causing the major price fluctuations that purchases of that size would trigger on standard exchanges.
This approach minimizes market impact while Bybit works to restore its reserves.
The exchange continues to cooperate with blockchain forensic experts, including Chainalysis, to track the stolen funds.
Their efforts have already resulted in freezing over $40 million of the stolen assets, though this represents just a small fraction of the total theft.
Recovery Efforts and Industry Collaboration
Bybit has launched an aggressive recovery plan following the breach, offering a bounty of up to 10% for information leading to the recovery of stolen assets.
This approach mirrors strategies used by other exchanges that have faced similar security incidents in the past.
The exchange is working closely with Chainalysis and other blockchain analytics firms to trace and potentially freeze additional stolen funds.
These collaborative efforts have become standard practice in the cryptocurrency industry when dealing with large-scale thefts.
Industry participants have rallied to support Bybit through this crisis. Several exchanges have pledged to flag and freeze any suspicious transactions that might be linked to the stolen ETH.
This coordinated approach has proven effective in previous crypto recovery operations.
Source: https://www.thecoinrepublic.com/2025/02/25/bybit-hackers-laundered-89500-eth-in-2-5-days-82-of-funds-remain/