Stolen crypto assets amounting to 20% were reportedly secreted away by CEO of Bybit.
Title: The Bybit Hack: Tracking the $1 Billion in Stolen Ether
Let's dive into the rollercoaster ride that was the Bybit hack back in February 2025, where a whopping $1.4 billion in Ethereum and other tokens were swiped. Here's a lowdown on the current status and the winding trail of the stolen funds.
The Current State of Affairs
- Elusive Funds: Approximately $644 million of the pilfered Ethereum (50% of the total) has seeming vanished from view, hiding in the labyrinth of obscure blockchain monitoring. It's essential to note that these funds haven't necessarily vanished, but they've been skillfully shrouded through various clandestine mixing services.
- The Frozen Front: There's no concrete information about any funds being locked away, but the theatrical dance of tracing and potentially resurrecting the misappropriated assets is in full swing, spearheaded by Bybit's LazarusBounty initiative.
The Great Escape - How the Stolen Funds fled the Scene
- The sneaky trail left by the swiped funds led primarily through crypto mixing services, meticulously designed to blur the boundary between origin and destination. Services like Wasabi Wallet, exch, Tornado Cash, and Railgun were imprudently employed.
- The Wasabi Wallet's Twist: A jaw-dropping $247.5 million infiltrated this service.
- exch's Shady Closure: $94.1 million side-stepped through this platform, despite its public tombstone.
- The Whirlwind of Tornado Cash and Railgun: A mere $2.5 million and $1.7 million, respectively, were laundered through these services.
The Key Players in this Greedy Game
- Lazarus Group (aka APT38): This North Korean state-backed hacking squadron was the sinister mastermind behind the heist. They ingeniously orchestrated a cunning phishing campaign targeting Safe{Wallet}, Bybit's multisig wallet provider.
- TraderTraitor: Linked to the crime but more information suggests it was primarily Lazarus Group orchestrating the heist.
- Safe Infrastructure Sabotage: The devious attackers infiltrated a Safe{Wallet} developer's machine, injecting malware into the Safe{Wallet} user interface. This allowed the miscreants to craftively trick Bybit multisig signers into approving dubious transactions.
As the dust settles, it's fascinating to observe how the intricate dance of cybercrime and high-stakes digital finance unfolds. Though no specific information is available about the involvement of THORChain, Paraswap, FBI, Sygnia, OKX Web3 Wallet, or Binance in the tracking or movement of the stolen funds, Bybit's CEO, Ben Zhou, and the company are diligently immersed in investigating and countering the hack.
- The stolen Ethereum, valued at approximately $644 million, has been skillfully shrouded through various clandestine mixing services such as Wasabi Wallet, Tornado Cash, and Railgun in the industry, causing concerns in the realm of finance and technology.
- Meanwhile, Bitcoin and other crypto platforms like THORChain, Paraswap, FBI, Sygnia, OKX Web3 Wallet, and Binance may have a role in the movement or tracking of the stolen funds, as Bybit's CEO, Ben Zhou, and the company continue their immersive investigations.
