The hacker responsible for the massive Bybit exchange theft has successfully laundered all 499,395 ETH stolen during the February attack, primarily utilizing THORChain for cross-chain conversions. This marks the complete movement of funds from what has been labeled the largest cryptocurrency theft in history.
North Korea’s Lazarus Group, identified as the perpetrator by multiple blockchain analytics firms including Arkham Intelligence, has converted the entirety of the stolen assets despite being under scrutiny from international authorities.
This development comes just two months after South Korean officials sanctioned 15 North Korean individuals allegedly involved in cryptocurrency heists to fund the country’s nuclear weapons program.
Lookonchain confirms all Bybit stolen funds laundered
The February 21 breach resulted in the theft of over $1.4 billion worth of liquid-staked Ether (STETH), Mantle Staked ETH (mETH), and various ERC-20 tokens. On March 4, blockchain security firm Lookonchain reported that 500,000 stolen ETH had been transferred via THORChain’s decentralized cross-chain protocol, obscuring the transaction history.
The #Bybit hacker has laundered all the stolen 499,395 $ETH($1.04B currently), mainly through #THORChain.https://t.co/VSpKk7KSNp pic.twitter.com/HL4gb9f4e8
— Lookonchain (@lookonchain) March 4, 2025
Despite the comprehensive laundering operation, security experts maintain that recovery possibilities still exist. Deddy Lavid, co-founder and CEO of blockchain security firm Cyvers, stated that while laundering through mixers and cross-chain swaps complicates asset recovery, cybersecurity firms utilizing on-chain intelligence, AI-driven models, and collaboration with exchanges and regulators still have limited opportunities to trace and potentially freeze assets.
Lavid emphasized that rapid response is essential in such cases, noting that “once funds are deeply obfuscated, recovery becomes significantly harder.” He added that prevention during or before the hack remains the most effective security approach.
3.4.25 Executive Summary on Hacked Funds:
Total hacked funds of USD 1.4bn around 500k ETH, 77% are still traceable, 20% has gone dark, 3% have been frozen.
Breakdown:
– 83% (417,348 ETH, ~$1B) have been converted into BTC with 6,954 wallets (Average 1.71 btc each) . This and…— Ben Zhou (@benbybit) March 4, 2025
Bybit CEO Ben Zhou provided additional insights earlier on X, confirming that approximately 77% of the stolen funds remain traceable, while about $280 million “has gone dark.” Zhou also reported that 3% of the stolen assets have been successfully frozen.
The exchange has maintained operational continuity throughout the crisis, honoring all customer withdrawal requests. By February 24, just three days after the attack, Bybit had fully replaced the $1.4 billion in stolen Ether, ensuring customers were not affected by the breach.
Source: https://www.cryptonewsz.com/bybit-hacker-completes-laundering-1-4-billion/