Bybit CEO Ben Zhou said that 20% of the stolen $1.4 billion worth of crypto has "gone dark," while 77% remains traceable, and 3% has been frozen.
On Feb. 21, Bybit suffered the largest-ever hack on a centralized crypto exchange, attributed to a targeted malware attack by the Lazarus Group. As a result, the exchange lost around 400,000 ETH and about 113,000 ETH-related tokens.
According to Zhou, the coming two weeks are critical for freezing funds hacked from the crypto exchange last month by the North Korean hacker group Lazarus.
"This and the coming week is critical for fund freezing as the funds will start to clear at exchanges, OTC and P2P," Zhou wrote in a Tuesday post on social media platform X.
The two-week timeframe given by the Bybit CEO may indicate a slim chance of the exchange fully recovering its lost assets.
Zhou explained that around 16% of the funds, or 79,655 ETH, went through non-KYC exchange eXch and are currently untraceable. "Still waiting for update," Zhou noted.
Another $100 million worth of ether went through the OKX Web3 proxy, out of which $65 million worth of funds remain untraceable, pending further information from OKX Web3.
Zhou said that 83% of the stolen ether has been converted into bitcoin and moved across 6,954 wallets. Hackers mostly utilized THORChain to move the stolen ether to bitcoin, with 72% of the total amount transferred through THORChain.
Decentralized cross-chain liquidity protocol THORChain saw a record weekly volume of $4.67 billion last week, according to data from DefiLlama. The record-setting volume of token swaps may be partially attributable to Bybit exploiters' activities.
As THORChain was actively utilized by North Korean hackers, internal debates arose about whether to block hackers' fund flows from entering the platform or maintain its decentralized, permissionless nature despite the potential for illicit activity.
TCB, a key member of THORChain, announced last Friday that he would leave the protocol.
"The ethos about being decentralized are just ideas," TCB wrote. "When the huge majority of your flows are stolen funds from North Korea for the biggest money heist in human history, it will become a national security issue, this isn't a game anymore."
While TCB later posted that the protocol is holding a vote to temporarily halt ETH on the platform until it finds a solution, THORChain has yet to announce whether to block illicit North Korean flows.
On the contrary, cross-chain DEX Chainflip halted its swapping platform soon after detecting activity by Bybit hackers, and announced new upgrades to prevent hacked funds from entering the protocol.
Disclaimer: The Block is an independent media outlet that delivers news, research, and data. As of November 2023, Foresight Ventures is a majority investor of The Block. Foresight Ventures invests in other companies in the crypto space. Crypto exchange Bitget is an anchor LP for Foresight Ventures. The Block continues to operate independently to deliver objective, impactful, and timely information about the crypto industry. Here are our current financial disclosures.
© 2025 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.
免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。
