TLDR
- North Korean hackers successfully relocated $280 million of pilfered cryptocurrency from Bybit.
- In a daring operation in February 2025, hackers stole $1.4 billion from Bybit. The notorious Lazarus Group from North Korea reportedly managed to launder all 499,000 ETH in a matter of days.
- THORChain emerged as the main conduit for the laundering operations, moving a staggering $605 million in transactions within just 24 hours, pocketing $5.5 million in fees.
- Out of the stolen funds, 20% or $280 million have vanished without a trace, while 77% can still be tracked, and 3% remain locked.
- The cybercriminals converted a significant 83% of the stolen loot into Bitcoin, dispersing it across nearly 7,000 different wallets.
- Bybit has taken proactive steps by launching Lazarusbounty.com, rewarding $2.17 million to 11 individuals aiding in the funds' recovery.
In a startling turn of events, Bybit revealed that $1.4 billion in cryptocurrencies were stolen in February 2025. The heist included about 499,000 Ethereum tokens.
It’s believed the sophisticated North Korean outfit, Lazarus Group, orchestrated the attack and managed to launder the complete haul in less than two weeks post-robbery.
Bybit's CEO, Ben Zhou, shared insights on the status of the stolen assets, noting that 77% remain traceable, although 20% have become invisible to trackers.
3.4.25 Executive Summary on Hacked Funds:
Breakdown:
– 83% (417,348 ETH, $1B) have been converted into BTC with 6,954 wallets (Average 1.71 btc each). This and…
— Ben Zhou (@benbybit) March 4, 2025
A total of $1.4 billion or about 500,000 ETH were taken, 77% are still traceable, 20% have slipped from sight, and 3% are currently frozen.
Using THORChain, a decentralized protocol, the hackers converted the stolen Ethereum into Bitcoin, executing $605 million in transactions in just a 24-hour span.
Tracking The Billions
THORChain racked up $5.5 billion in transaction throughput during the laundering phase, earning $5.5 million from these operations.
THORChain came under fire from the crypto community for its involvement in the laundering. A key contributor named Pluto left after a proposal to cease Ethereum transactions was turned down by other validators.
Converting 83% of the misappropriated sums into Bitcoin, the criminals dispersed these funds among almost 7,000 crypto wallets.
THORChain handled 72% of the laundered assets, translating to $900 million. The rest traveled through various other channels.
Some 16% of the funds became untraceable after passing through eXch. Meanwhile, OKX Web3 Proxy handled another 8% of the haul, worth about $100 million.
Investigators have succeeded in freezing 3% of the stolen assets, amounting to approximately $42 million in recovered digital currencies.
To trace the stolen funds, Bybit launched the website Lazarusbounty.com, offering incentives to exchanges that facilitate asset recovery.
The exchange granted $2.17 million in bounties to 11 different entities or teams. Mantle, Paraswap, and ZachXBT have been standout contributors in the retrieval mission.
Analysts at Elliptic, a blockchain firm, uncovered over 11,000 wallets tied to the Bybit hackers, aiding in the tracing of stolen resources.
Thx to the @elliptic https://t.co/bmFZJ0Hn3y
— Ben Zhou (@benbybit) February 26, 2025
Zhou thanked the Elliptic team for compiling real-time data on the Bybit incident and acknowledged their dedicated efforts and contributions.
On February 25, Bybit engaged ZeroShadow, a Web3 security firm, for blockchain investigative work, primarily to trace and immobilize stolen holdings.