tl;dr
Over two-thirds (68.57%) of the $1.4 billion stolen in the Bybit crypto hack remain traceable, despite hackers using mixing services. The North Korean Lazarus Group, linked by the FBI to the theft, used various mixers and cross-chain platforms to launder funds, converting much stolen ETH into Bitcoi...
Over two-thirds (68.57%) of the $1.4 billion stolen in the Bybit hack remain traceable despite laundering attempts using mixers and bridges.
North Korea’s Lazarus Group employed complex mixing services and cross-chain platforms to obscure the stolen funds' trail.
A majority (84.45%) of the stolen ETH was converted to Bitcoin via Thorchain and dispersed across tens of thousands of wallets.
Bybit's bounty program has validated 70 legitimate reports out of 5,443 submissions to aid in tracking the stolen assets.
The privacy-focused exchange eXch will shut down following allegations of facilitating laundering related to the Lazarus Group hack.
Detailed analysis reveals that about 3.84% of the hacked funds have been frozen, while 27.59% have gone dark.
The untraceable portion primarily flowed into mixers and then through bridges to peer-to-peer and over-the-counter platforms.
North Korea’s Lazarus Group, linked officially by the FBI to the theft, utilized mixers such as Wasabi Mixer, CryptoMixer, Tornado Cash, and Railgun.
Cross-chain platforms like Thorchain and Stargate were extensively used to launder the stolen assets.
Approximately 432,748 ETH, or 84.45% of the stolen assets, were converted into Bitcoin through Thorchain, with 67.25% distributed across over 35,000 wallets.
On the Ethereum blockchain, 5,991 ETH, approximately $16.77 million, remain scattered across 12,490 wallets with an average balance of 0.48 ETH each.
On the Bitcoin side, 944 BTC valued at $90.6 million has flowed through Wasabi Mixer alone.
A further 531 BTC, representing around 3.57% of the stolen assets, has been bridged back to Ethereum via Thorchain.
A significant portion of the laundered assets ended up on OTC desks and peer-to-peer fiat exchanges.
Bybit’s Lazarus Bounty program, launched shortly after the hack, has received 5,443 reports over 60 days, validating 70 as legitimate tips.
The exchange encourages continued reports, emphasizing ongoing efforts to track and recover stolen assets.
The CEO warns that mixer activity will likely intensify as more funds attempt to exit blockchain visibility.
Meanwhile, eXch, a privacy-focused exchange, announced it will cease operations on May 1 amid laundering allegations linked to the Lazarus Group hack.
The exchange admitted processing a minor part of the stolen Ethereum through various centralized and decentralized services.