In a troubling sign of escalating crypto laundering tactics, Bybit CEO Ben Zhou has revealed that hackers behind the exchange’s massive $1.5 billion heist are now moving stolen Bitcoin through privacy mixers and peer-to-peer (P2P) vendors, making recovery efforts increasingly difficult.
The latest update comes weeks after the February 2025 attack, widely believed to be orchestrated by North Korea’s notorious Lazarus Group. Zhou disclosed that the hackers converted a staggering 86% of the stolen assets, amounting to 440,091 ETH (around $1.23 billion) into 12,836 BTC.
These Bitcoin holdings have since been fragmented across 9,117 wallets, averaging 1.41 BTC per address in what appears to be a deliberate obfuscation strategy.
The methodical laundering process has alarmed investigators. Zhou confirmed that 193 BTC, valued at $16 million, has already been funneled through the Wasabi mixer, a privacy tool designed to obscure Bitcoin transaction trails using the CoinJoin protocol.
Once sufficiently laundered, these funds were dispersed to various peer-to-peer vendors, allowing direct transfers between individuals and making the money trail harder to trace. Zhou warned that this laundering method will likely expand, stating,
“Decoding mixer transactions is the no. 1 challenge we face now.”
Bybit’s data reveals that 88.8% of the stolen funds remain traceable, while 7.6% have become untraceable—a concerning development as funds vanish deeper into private markets. So far, 3.5% have been successfully frozen.
Lazarus Group’s Growing Crypto War Chest
This latest maneuver adds to the growing evidence that North Korea’s Lazarus Group is increasingly sophisticated in exploiting decentralized finance (DeFi) and cross-chain protocols. According to Arkham Intelligence, Lazarus now holds 13,400 BTC, much of it sourced from the Bybit hack.
Previously, the hackers converted ETH into BTC through THORChain, a cross-chain liquidity protocol known for facilitating asset swaps without intermediaries. This initial move allowed the group to bypass direct exchange monitoring and transfer value across blockchains undetected.
Privacy mixers like Wasabi, CryptoMixer, and Railgun are drawing renewed scrutiny from global regulators. While designed to protect individual financial privacy, these tools have become a favorite avenue for laundering large-scale illicit funds — complicating the work of cybersecurity firms and law enforcement.
The growing reliance on P2P vendors adds another layer of complexity. Unlike centralized exchanges bound by Know-Your-Customer (KYC) rules, P2P platforms operate in a gray area, often beyond the reach of current regulations.
This creates an ideal environment for rogue states and criminal groups to offload stolen digital assets into fiat or other cryptocurrencies.
Global Crypto Crime Trends Show No Signs of Slowing
Bybit’s revelations underscore an uncomfortable reality: even sophisticated crypto exchanges struggle to contain the fallout from major breaches once funds enter the labyrinth of mixers and P2P networks.
The situation mirrors broader industry concerns, especially following reports that crypto crime has become more professionalized. According to Chainalysis, cyber syndicates are increasingly leveraging advanced tools like artificial intelligence, stablecoin laundering, and now complex cross-chain mixers to evade detection.
What’s Next for Bybit and the Industry?
Bybit continues to work with blockchain analytics firms and law enforcement agencies to recover the stolen assets. However, the long-term implications of this attack — particularly the involvement of state-sponsored actors — raise difficult questions about the resilience of the crypto ecosystem against coordinated nation-state threats.
Zhou’s warning is clear: “We believe this trend will grow.” As hackers refine their techniques, the industry faces mounting pressure to strengthen its defenses and rethink global crypto regulation.
The Bybit hack, now among the largest in history, may serve as a tipping point — forcing regulators, platforms, and users to confront the uncomfortable trade-off between privacy and security in the crypto age.
