Bybit’s CEO Reports $380M in Crypto Stolen by Lazarus Group Now Untraceable
Bybit CEO Ben Zhou provided an update on the aftermath of the $1.4 billion hack orchestrated by North Korea’s Lazarus Group, revealing that 27.59% of the stolen funds have become untraceable. The vast majority of these funds were funneled into mixers and through cross-chain bridges, complicating recovery efforts.
In a post shared Monday on X, Zhou outlined the status of the stolen assets: “A total of USD 1.4 billion was stolen, equivalent to around 500,000 ETH. 68.57% remains traceable, 27.59% has gone dark, and 3.84% has been frozen.” Zhou also explained that the untraceable funds primarily flowed into mixers before being transferred through bridges to peer-to-peer (P2P) and over-the-counter (OTC) platforms.
The untraceable funds were initially washed through mixers such as Wasabi, Railgun, Tornado Cash, and CryptoMixer. Following this, the funds were moved via cross-chain bridges like Thorchain, eXch, Lombard, LiFi, Stargate, and SunSwap to obscure their origins. This multi-step process ultimately converted the illicit assets into more liquid cryptocurrencies.
The Lazarus Group initially gained control of a specific ETH cold wallet, draining 500,000 ETH. Forensics show that 432,748 ETH — or 84.45% of the total stolen funds — was converted into Bitcoin using Thorchain. Specifically, 342,975 ETH (around $960 million) was swapped for 10,003 BTC and spread across 35,772 wallets, averaging only 0.28 BTC per wallet to avoid detection.
Another 1.17% of the funds, or 5,991 ETH (approximately $16.77 million), remains on the Ethereum blockchain, distributed across 12,490 wallets.
In response to the hack, Bybit launched the Lazarus Bounty program, inviting the community to assist in tracking the stolen funds. Zhou noted that 5,443 reports have been submitted so far, with 70 deemed valid. He called for more assistance in decoding the complex mixer transactions: “We need more bounty hunters with the expertise to decode mixers and help us track these funds in the future.”
This hack underscores the increasingly sophisticated methods used by state-sponsored groups to launder stolen crypto, making it more challenging for exchanges and law enforcement to recover funds.