Nearly two-thirds of the digital assets stolen in the February 2025 Bybit hack remain traceable, according to CEO Ben Zhou, who shared new details about what has become the largest crypto exchange breach to date.
In an April 21 post on X, Zhou revealed that of the $1.4 billion siphoned from the exchange—allegedly by the North Korea-linked Lazarus Group—approximately 68.6% of the funds are still trackable on-chain. He added that 27.6% of the stolen assets have vanished through hard-to-trace methods, while only 3.8% have been frozen so far.
Zhou explained that the untraceable portion was funneled through a complex laundering process involving mixers and cross-chain bridges before being moved to peer-to-peer (P2P) and over-the-counter (OTC) platforms. Despite the challenge, he expressed optimism that blockchain forensics teams and bounty hunters could recover a significant portion of the remaining assets.
The breach, which exploited vulnerabilities in Bybit’s cold wallet system, has reignited industry-wide debates about centralized custody, exchange security, and the increasing sophistication of state-linked hacking groups.
Hackers Used Mixers and Bridges to Launder BTC
According to Zhou, blockchain tracing shows that Wasabi was the primary mixer used in the laundering scheme. Approximately 944 Bitcoin—worth nearly $90 million—was routed through the privacy-focused service. Smaller amounts were processed through other well-known mixers, including CryptoMixer, Tornado Cash, and Railgun.
But the operation didn’t end there. The attackers also utilized a network of decentralized cross-chain and swap protocols to further obfuscate their trail. Zhou confirmed that platforms like THORChain, eXch, Lombard, LI.FI, Stargate, and SunSwap were all involved in the laundering process before the funds eventually made their way into P2P and OTC networks.
A critical shift in strategy emerged: nearly 432,748 Ether—roughly 84% of the Ethereum-based portion—was bridged to Bitcoin via THORChain. From there, around $960 million in ETH was converted into 10,003 BTC and distributed across more than 35,000 wallets.
Despite the elaborate laundering network, roughly $17 million in ETH remains on-chain across 12,490 Ethereum wallets, providing a slim opportunity for further recovery.
Bybit Pays $2.3M in Bounties for Leads
Bybit has disbursed $2.3 million in bounty rewards as part of its ongoing Lazarus Bounty program—an initiative launched in February to recover assets from the record-setting $1.4 billion breach.
According to Zhou, the exchange received more than 5,400 bounty submissions over the past 60 days. However, only 70 reports were deemed credible. A significant portion of the rewards went to the Mantle layer-2 platform, which helped freeze $42 million worth of stolen assets.
Bybit’s program offers a total reward pool of $140 million, targeting individuals or groups capable of tracing funds through mixers and advanced laundering channels.
“We welcome more reports, we need more bounty hunters that can decode mixers, as we need a lot of help there down the road,” Zhou said.
Meanwhile, eXch—a controversial crypto exchange linked to the laundering operation—announced it would shut down operations on May 1, following increased public and regulatory pressure.
Quick Facts
- About 68.6% of the $1.4 billion stolen from Bybit remains traceable on-chain.
- Hackers used mixers and cross-chain bridges to launder funds.
- $2.3 million in bounties has been paid out by Bybit’s Lazarus program.
- Platforms like OKX and eXch are under regulatory scrutiny for possible roles in the laundering pipeline.
