In a recent update, Bybit CEO Ben Zhou discussed the ongoing recovery efforts following a massive hack that resulted in the theft of approximately $1.4 billion in customer assets. Zhou revealed that over 77% of the stolen funds remain traceable, providing a glimmer of hope for recovery amidst the chaos.
Key Takeaways
- 77% of stolen funds are still traceable, while 20% have become untraceable.
- Hackers converted 83% of the stolen ETH into BTC, distributing it across nearly 7,000 wallets.
- The North Korean hacking group Lazarus was identified as the perpetrator of the attack.
Overview Of The Hack
The hack, which occurred in late February, involved the North Korean group Lazarus injecting malicious code into SafeWallet, a third-party wallet platform utilized by Bybit. This breach allowed the attackers to siphon off nearly $1.5 billion in Ethereum (ETH) from the exchange.
Zhou emphasized the urgency of the situation, stating that the coming week is critical for freezing the stolen funds as they begin to clear at various exchanges and over-the-counter (OTC) platforms. The CEO noted that the hackers have been actively laundering the stolen assets, complicating recovery efforts.
Traceability Of Stolen Funds
According to Zhou, approximately 417,348 ETH, valued at around $1 billion, remains traceable on the blockchain. These funds were moved using THORChain, a privacy-focused platform. However, about 20% of the stolen assets, roughly 79,655 ETH (valued at $200 million), have gone dark and are currently untraceable.
A smaller portion of the stolen funds, approximately 40,233 ETH (around $100 million), passed through OKX’s web3 proxy, but 23,553 ETH (worth $65 million) remain untraceable. Zhou’s update highlights the complexity of tracking these funds as they are dispersed across multiple wallets.
Conversion And Distribution Of Stolen Assets
The hackers converted 83% of the stolen ETH—361,255 ETH, or $900 million—into Bitcoin (BTC). This conversion involved distributing the assets across 6,954 wallets, with an average of 1.71 BTC per wallet. The use of THORChain has been significant, processing $4.66 billion in swaps in the week ending March 2, resulting in over $5.5 million in fees from these illicit transactions.
Bybit’s Response And Recovery Efforts
In the aftermath of the attack, Bybit has taken swift action to reassure its users. The exchange returned to a 1:1 backing of client assets just days after the hack. Address activity indicates that more than $400 million were purchased through OTC trading, with an additional $300 million acquired directly from exchanges.
Zhou’s statements reflect a proactive approach to managing the fallout from the hack, as Bybit works to recover stolen assets and restore confidence among its users. The situation remains fluid, and the exchange is closely monitoring the movements of the stolen funds as they navigate this unprecedented challenge.
