The hacker responsible for the historic $1.4 billion Bybit exploit has now laundered more than $335 million worth of stolen digital assets, with investigators continuing to track the remaining funds.
The Feb. 21 hack, which targeted liquid-staked Ether (stETH), Mantle Staked ETH (mETH), and other assets, sent shockwaves through the crypto market, marking the largest exchange exploit in history. Investor sentiment took a major hit as Bybit struggled to recover from the loss.
On-chain data shows that in the past 24 hours alone, the hacker moved 45,900 ETH—worth approximately $113 million—across various addresses, bringing the total laundered amount to 135,000 ETH ($335 million). According to blockchain analyst EmberCN, the attacker still holds roughly 363,900 ETH, valued at around $900 million in undistributed stolen assets.

Despite efforts by blockchain intelligence firms and exchanges to track and freeze the stolen funds, the hacker has continued to move assets, exploiting weaknesses in cross-chain protocols and decentralized finance (DeFi) platforms to obscure transactions. With a vast sum still at large, security experts warn that further laundering attempts are likely in the coming days.
Inside the Bybit Hack: How Attackers Stole $1.46 Billion in ETH
The February 21 Bybit hack has officially gone down as one of the largest cryptocurrency exchange breaches in history, with attackers draining approximately 401,000 ETH—worth $1.46 billion at the time—from the exchange’s cold wallet. Blockchain security firm Blockaid labeled it the most significant exchange exploit ever recorded.
According to Chainalysis, the attack was orchestrated through a phishing campaign that targeted Bybit’s cold wallet signers. Once the signers were compromised, the hackers gained access to the exchange’s internal systems and replaced the multisignature wallet implementation contract with a malicious version. This swap allowed them to approve and execute unauthorized fund transfers without detection.
The exploit escalated when the hackers intercepted a routine transfer from Bybit’s Ethereum cold wallet to its hot wallet, rerouting 401,000 ETH to multiple intermediary wallets instead of the intended destination.
Blockchain intelligence firms, including Arkham Intelligence, have corroborated findings that Lazarus Group was behind the operation. In response, Bybit CEO Ben Zhou has vowed to take action, declaring “war” on the Lazarus Group and committing to enhanced security measures while working to recover the stolen funds.
Despite the scale of the attack, Bybit’s response may help rebuild trust in centralized cryptocurrency exchanges (CEXs). The exchange has continued to honor customer withdrawals and had fully replaced the stolen $1.4 billion in Ether by February 24, just three days after the attack. Industry figures suggest that Bybit’s immediate response prevented a larger market sell-off and may restore confidence in CEXs as responsible custodians of digital assets.
Quick Facts:
- Bybit suffered a $1.4 billion hack on February 21, 2025, marking the most significant theft in cryptocurrency history.
- Hackers have laundered over $335 million of the stolen assets, with $900 million in ETH still unaccounted for.
- North Korea’s Lazarus Group is identified as the likely entity behind the attack.
- The exchange has replenished the stolen funds and continues to honor customer withdrawals, aiming to restore trust in centralized platforms.