Bybit update reveals evolving methods for tracking stolen crypto. The new approaches expose money transfers and spur focused efforts to reclaim digital assets amid changing money laundering tactics.
On March 20, Bybit CEO Ben Zhou revealed that 88.87% of the $1.4 billion stolen in the recent Bybit hack is still traceable, nearly a month after the security breach.
He noted that 7.59% of the funds are lost, while 3.54% are frozen.
Zhou’s update comes after continued efforts by blockchain security firms and exchanges to track and recover stolen crypto assets.
Bybit Hack: Latest Developments on Stolen Funds
In a March 20 post, Zhou shared the current status of the stolen funds, stating: “The total hacked amount is $1.4 billion, approximately 500,000 ETH. 88.87% is still traceable, 7.59% is gone, 3.54% is frozen.”
This update comes two weeks after Bybit’s initial report, which stated that 77% of the stolen Ethereum was still traceable.
Blockchain security firms, including Arkham Intelligence, have identified North Korea’s Lazarus Group as the likely perpetrators of the attack.
In the weeks following the attack, cybercriminals moved and exchanged funds in an attempt to evade detection.
Lazarus Group Tactics and Crypto Recovery Efforts
Security analysts reported that it took Lazarus Group just 10 days to launder all of the stolen Bybit funds through THORChain, a decentralized cross-chain protocol.
Zhou added that 86.29% of the stolen funds, equivalent to 440,091 ETH (~$1.23 billion), were converted to 12,836 BTC and distributed across 9,117 wallets.
To cover their tracks, the attackers relied heavily on Bitcoin mixers, including Wasabi, CryptoMixer, Railgun, and Tornado Cash.
Despite these money laundering tactics, efforts to trace and recover assets continue across the crypto industry.
Blockchain security experts remain hopeful that some of the funds may still be frozen and recovered.
The recovery effort has brought together 12 different organizations, including Mantle, Paraswap, and blockchain forensics firm ZachXBT.
Bybit’s dedicated website continues to monitor wallet activity and provide updates to users and investigators.
The exchange also promises a 10% reward for any funds successfully recovered by white hat hackers and blockchain forensics investigators.
So far, bounty hunters have earned $2.2 million for their assistance.
Bybit’s case highlights the crypto industry’s history of recovering stolen funds
The Bybit incident is not the first time the crypto industry has mobilized to recover stolen funds.
In 2023, Jump Crypto recovered $140 million in tokens after fending off a Wormhole protocol attacker.
Similarly, in early 2024, the U.S. government recovered more than $2.6 million in funds related to the Lazarus Group’s cyberattack on Deribit and a digital casino.
A United Nations expert panel later reported that up to 40% of the stolen funds were funneled into North Korea’s weapons of mass destruction program.
The Lazarus Group’s continued cryptocurrency thefts have raised global security concerns.
In September 2024, the FBI warned about the group’s cyber tactics and potential impact on the blockchain industry.
FAQs
How does blockchain tracking identify illicit money transfers?
Blockchain tracking leverages the transparency of the ledger and data analytics to track money transfers. Experts link wallet activity to known entities, creating trails that indicate misuse and revealing patterns of fund flows.
How do mixing services complicate the tracking of cryptocurrency funds?
Mixing services obfuscate transaction paths by mixing funds from multiple users, making it harder to trace their origins. They disrupt clear fund trails, forcing analysts to rely on patterns rather than direct links.
What broader implications does this have for digital asset security?
The incident prompted a deeper look at digital asset protection measures. It prompted experts to refine tracking techniques and improve system auditing, prompting a closer look at policy, technology, and collaborative oversight.
