
The largest theft in crypto history, the $1.4 billion Bybit hack, is putting blockchain investigators under pressure. The Lazarus Group, a North Korean cybercrime group, exploited a vulnerability in a third-party wallet to steal Ethereum using malware.
Although blockchain analytics firms estimate that 88% of the stolen funds remain traceable, mixers and cross-chain swaps have made recovery a complex, risky quest. Bybit’s CEO, Ben Zhou, revealed the hack on Twitter, pointing to the Lazarus Bounty campaign to gather leads.
The Bybit breach on February 21, 2025, exploited vulnerabilities in cold wallets through social engineering. Hackers deceived employees into signing illegitimate transactions, diverting 401,000 ETH (approximately $1.4 billion) through a fraudulent contract. Blockchain detective ZachXBT attributed the attack to North Korea’s Lazarus group, finding similarities to previous crypto thefts.
Lazarus injected malicious JavaScript into Bybit’s wallet system, disguising transfers as normal. The funds were routed through intermediate wallets and converted into Bitcoin and stablecoins, reflecting their pattern of laundering billions through decentralized exchanges.
Bybit Hack and Stolen Funds
The stolen $1.4 billion in Bybit funds were quickly laundered using sophisticated techniques. Initially, 86% of the stolen ETH, approximately 440,091 ETH, was converted into 12,836 BTC via decentralized exchanges such as THORChain to bypass locking mechanisms. The hackers then distributed this money among 9,117 wallets, each containing an average of 1.41 BTC. It is worth noting that 193 BTC (16 million US dollars) were sent via Wasabi Wallet, a notorious mixer for anonymizing transactions, and then forwarded to peer-to-peer traders to cover the trail.
Mixers and cross-chain swaps have proven crucial in hampering recovery attempts. Platforms like eXch enabled anonymous ETH-to-BTC transfers and processed hundreds of millions of stolen assets, despite Bybit’s demands to cease suspicious activity. Bybit CEO Ben Zhou described deciphering mixer transactions as the “biggest challenge,” with only 63 of 5,012 submitted reward reports deemed actionable so far.
Industry Fights Back
Exchanges like Binance and OKX have locked wallets associated with the Lazarus group, freezing $43.7 million (3.54%) of the stolen assets. Bybit’s Lazarus Bounty Program awarded $2.2 million to 11 bounty hunters who deciphered mixer patterns. CEO Ben Zhou said that 88.87% of the $1.4 billion remains traceable; however, 7.59% “disappeared into the dark” through mixers like Wasabi.
Bybit processed over 350,000 withdrawals within 12 hours and rebuilt reserves through emergency loans. Its 1:1 reserve guarantee prevented mass exodus. Lazarus’ cross-chain swaps and mixers continue to complicate recovery, prompting Zhou to encourage additional “bounty hunters” to break the money laundering trail.