Bybit CEO: Two-Thirds of Funds From $1.4B Lazarus Group Hack Still Traceable

Over two-thirds of the $1.4 billion stolen in the largest crypto hack to date, the Bybit breach, remains traceable, despite hackers using an array of mixing services to cover their tracks, according to a new update from the exchange’s CEO.In an executive summary tweeted Monday, Bybit CEO Ben Zhou broke down the flow of roughly 500,000 ETH stolen in February, revealing that 68.57% of the funds remain traceable, 27.59% have “gone dark”, and 3.84% have been frozen with the help of exchanges.4.21.25 Executive Summary on Hacked Funds:Total hacked funds of USD 1.4bn around 500k ETH. 68.57% remain traceable, 27.59% have gone dark, 3.84% have been frozen. The untraceable funds primarily flowed into mixers then through bridges to P2P and OTC platforms. Recently, we have…— Ben Zhou (@benbybit) April 21, 2025The latest report shows how North Korea’s Lazarus Group, a hacking collective the FBI has officially linked to the theft, has tried to obscure its money trail since the hack.The group primarily used coin mixers like Wasabi mixer before funneling funds through CryptoMixer, Tornado Cash, Railgun, and a slew of cross-chain platforms like Thorchain and Stargate, the CEO said.Zhou said a large portion of the stolen ETH, about 432,748 ETH, or 84.45%, was converted into Bitcoin using Thorchain, with 67.25% distributed across over 35,000 wallets.5,991 ETH, or about $16.77 million, remains on the Ethereum blockchain today, scattered across 12,490 wallets with an average of 0.48 ETH each.On the Bitcoin side, 944 BTC, valued at $90.6 million, has been funneled through Wasabi Mixer alone.Zhou also confirmed that 531 BTC, equivalent to around 18,206 ETH or 3.57% of the stolen assets, has since been bridged back to Ethereum via Thorchain.Many of the assets ultimately landed on OTC desks and peer-to-peer fiat exchanges, Zhou added.Bybit’s Lazarus Bounty program, launched shortly after the hack, has received 5,443 reports in the past 60 days, of which 70 have been validated as legitimate tips, according to Zhou.The exchange “welcome more reports,” Zhou said, and that they would “need a lot of help there down the road” from bounty hunters.In the initial executive summary released last month, Zhou raised concerns that Lazarus had already funneled 193 BTC through Wasabi at the time, and noted the stolen ETH was being laundered through multiple layers to make recovery more difficult.The Bybit CEO warned that mixer activity would likely intensify, adding that, “the trend will grow” as more funds attempt to exit the blockchain.Bybit has not immediately responded to Decrypt’s request for comment.Meanwhile, eXch, a privacy-focused crypto exchange that had previously denied laundering allegations related to the hack, announced Thursday that it will shut down operations on May 1.The closure follows allegations that eXch facilitated laundering efforts by North Korea’s Lazarus Group; in an email to Decrypt, the exchange acknowledged that it had processed “vastly a minor part” of the stolen Ethereum laundered through “multiple centralized and decentralized services.”