Bybit hackers managed to launder $1.4 billion in 10 days

Hackers who stole 499,000 ETH ($1.4 billion) from the Bybit exchange laundered the stolen funds entirely through decentralized platforms. The process took 10 days, on-chain analysts EmberCN reported. A significant portion of the ETH was converted into Bitcoin. This is reported by RBC Crypto.

Bybit is one of the world's largest crypto asset trading platforms. In December and January, it ranked third in trading volumes on both the spot and futures markets, according to Wu Blockchain. The platform is also very popular among Russians – almost a third of Internet traffic in January 2025 came from Russia.

Bybit was hacked on February 21, with hackers gaining access to the exchange's cold wallet where Ethereum was stored. Bybit assured that no other wallets were affected. By February 24, the crypto exchange had fully recovered the stolen funds through direct purchases and borrowing.

The Bybit hack resulted in record trading volume on the THORChain protocol, with $4.66 billion in swaps moving through the platform in the week ending March 2, including $1 billion in the 24 hours of March 2. According to data from analytics firm Nansen, provided to CoinDesk, the funds moved through a complex network of wallets with gradual volume splitting, with THORChain, Paraswap, Mantle, OK DEX, and DODO being the key platforms for swaps.

THORChain is a decentralized cross-chain protocol for exchanging assets between blockchains without wrapped tokens and intermediaries. It uses liquidity pools provided by users, and its RUNE token serves for security and transaction execution. The service supports native swaps of BTC, ETH, ATOM, LTC and other assets.

The THORChain protocol has recorded record revenues amid hacker activity. According to EmberCN, the platform's transaction volume reached $5.9 billion during this period, while the platform's fees amounted to $5.5 million.

The US FBI and on-chain researchers blame the Bybit hack on the North Korean hacker group Lazarus, known for laundering schemes through decentralized bridges and obfuscated transactions in DeFi protocols. In late February, the exchange declared “war” on Lazarus and offered a reward for those who help freeze the stolen funds. The platform promises to pay out “bounties” totaling $140 million.

According to Bybit CEO Ben Zhou, 77% of the stolen assets can still be traced, 20% have become untraceable, and 3% have been frozen. Bybit has already paid $2.17 million in USDT to 11 organizations for helping to freeze the funds.

Chances of return

Law enforcement agencies, analytical systems (Elliptic, Chainalysis, Arkham) and teams of enthusiasts have joined the investigation of the Bybit hack, noted Grigory Osipov, Director of Investigations at Shard. According to him, all more or less well-known Russian research teams have made their own versions of investigations, and from foreign ones, Nansen, Pickshield, SlowMist, CertiK and individual crypto detectives like ZachXBT, who was the first to report the Bybit hack.

“THORChain continues to operate as before, and Bybit's management was unable to put pressure on it. Part of the stolen funds is still in cold storage wallets, and in the current reality, it will be entirely possible to exchange these funds through decentralized services, even despite the markup, since blockchain bridges do not technologically perform personal identification procedures,” says Osipov.

At the same time, the wording “completely laundered the stolen funds” is very controversial, the expert believes. He explained that if we evaluate the hackers' success, we need to understand what is considered the final point – this story is being paid very close attention, and the funds will be searched for for a long time, trying to compare and link them to the stolen ones.

Источник: cryptocurrency.tech