North Korean hackers who stole $1.4 billion from cryptocurrency exchange Bybit haven’t completely covered their tracks. The stolen funds remain 77% traceable on blockchain networks, Bybit CEO Ben Zhou revealed.
Zhou’s March 4 announcement details how 77% of stolen funds remain traceable, 20% have “gone dark,” and 3% have been successfully frozen. About 83% of the stolen Ethereum (417,348 ETH) was converted to Bitcoin and dispersed across 6,954 wallets, with an average of 1.71 BTC each.
“This and the coming week is critical for fund freezing as the funds will start to clear at exchanges, over-the-counter, and peer-to-peer,” Zhou warned.
Several laundering routes were identified. THORChain processed 72% of the stolen funds, and the transaction volume was so immense that it set an all-time record of $4.66 billion in weekly swaps.
Another 16% (79,655 ETH) vanished through ExCH, a mixing service that temporarily collapsed under the transaction volume. The remaining funds moved through OKX Web3 proxy services, with 23,553 ETH ($65 million) becoming untraceable.
The February hack is the largest cryptocurrency theft in history. Hackers exploited Bybit’s SafeWallet infrastructure through malicious code injection. They compromised a developer’s device to manipulate wallet transfers and siphon the funds.
The FBI officially attributes the attack to North Korea’s Lazarus Group. Intelligence agencies link these funds to North Korea’s nuclear weapons financing efforts – a pattern established through multiple cryptocurrency thefts in recent years.
Bybit’s $140 million bounty program has already paid $2.1 million to eleven contributors who assisted in freezing assets. Key participants include blockchain investigators and DeFi platforms that identified suspicious transactions.
Blockchain experts warn that many of the traceable funds could soon become permanently irrecoverable as they clear through various exchange platforms. “Rapid response is key,” emphasized Deddy Lavid, CEO of Cyvers. “Once funds are deeply obfuscated, recovery becomes significantly harder.”
Despite the massive breach, Bybit demonstrated remarkable resilience. They fully restored customer assets within three days and continue processing withdrawals normally.
Security firms suggest the incident may accelerate the development of preventive technologies like off-chain transaction validation, which could potentially block similar attacks in the future.