On Tuesday, Ben Zhou, CEO of Bybit, updated the status of the stolen funds on the social media platform X. He stated that nearly 500,000 Ethereum (worth approximately $1.4 billion) had been stolen by hackers, with 77% currently traceable, 20% having “disappeared,” and 3% frozen.
The Bybit hack that occurred last month is the largest theft in cryptocurrency history. Analysis from various sectors confirmed that it was perpetrated by the North Korean hacking group Lazarus Group. Subsequent investigations revealed that the compromised machine actually belonged to a developer of a Safe wallet, rather than a Bybit employee.
Ben Zhou noted that 83% of the stolen funds (417,348 ETH, valued at about $1 billion) had been converted to Bitcoin (BTC) and dispersed across 6,954 wallets (averaging 1.71 BTC per wallet). Zhou remarked that this week and the next are critical for freezing the funds, as the hackers will begin laundering the money through exchanges, over-the-counter (OTC) trades, and peer-to-peer (P2P) transactions.
According to Ben Zhou, the hackers primarily used the privacy-focused blockchain THORChain for laundering, with the detailed flow of funds as follows:
– The amount of ETH exchanged through THORChain was 361,255 (worth approximately $900 million), accounting for 72%, and this portion is traceable.
– 79,655 ETH (approximately 16% of the stolen funds) remains untraceable due to laundering through the exchange eXch, and a response from eXch is awaited.
– 40,233 ETH (about $100 million, accounting for 8%) was laundered via the OKX Web3 proxy, of which 16,680 ETH is traceable, while the remaining 23,553 ETH (approximately $65 million, about 5%) is untraceable and requires information from the OKX Web3 wallet department.
On-chain data analyst Yu Jin pointed out that the hacker’s laundering process lasted ten days, during which THORChain handled approximately $5.9 billion in transactions, generating $5.5 million in transaction fee revenue.
