Bybit CEO Ben Zhou revealed that nearly 28% of the $1.4 billion stolen in the February 2025 hack linked to North Korea’s Lazarus Group has become untraceable.
In a summary shared on X on Monday, 21 April 2025, Zhou detailed how the attackers successfully obfuscated over $390 million worth of crypto using a complex chain of mixers, cross-chain bridges, and OTC platforms.
Zhou said that of the total 500,000 ETH stolen, around 68.57% remains traceable. Meanwhile, 27.95% has “gone dark” and just 3.84% has been frozen.
EXPLORE: 10 Best AI Crypto Coins to Invest in 2025
Lazarus Laundered Funds Through Mixers Like Wasabi, Tornado Cash, and Railgun
The laundered funds were first routed through privacy-enhancing mixers such as Wasabi. They were then moved via other mixers like Tornado Cash, Railgun, and CryptoMixer.
From there, the attackers used cross-chain bridges and platforms including Thorchain, eXch, LiFi, Stargate, Lombard, and SunSwap to convert the funds into more liquid assets.
The hack, which involved full control over a specific ETH cold wallet, saw the entire 500,000 ETH drained to an unknown address. Forensic analysis revealed that 432,748 ETH—about 84.45% of the stolen amount—was swapped from Ether to Bitcoin using Thorchain.
Of that, 342,975 ETH (roughly $960 million) was converted into 10,003 BTC and distributed across more than 35,700 wallets, each holding an average of 0.28 BTC.
Zhou noted that a smaller portion—1.17% of the stolen funds or 5,991 ETH—remains on the Ethereum network, spread across 12,490 wallets.
4.21.25 Executive Summary on Hacked Funds:
Total hacked funds of USD 1.4bn around 500k ETH. 68.57% remain traceable, 27.59% have gone dark, 3.84% have been frozen. The untraceable funds primarily flowed into mixers then through bridges to P2P and OTC platforms.
Recently, we have…— Ben Zhou (@benbybit) April 21, 2025
In response to the attack, Bybit launched the Lazarus Bounty initiative, aimed at encouraging the crypto community to help track down the stolen assets.
Zhou shared that the program has so far received 5,443 reports, with 70 validated leads. “We need more bounty hunters who can decode mixer activity. That’s where a lot of the complexity lies,” Zhou added.
EXPLORE: Best New Cryptocurrencies to Invest in 2025
eXch To Shut Down Amid Allegations Tied To Bybit Hack
Last week, cryptocurrency exchange eXch announced it would officially cease operations on 1 May 2025. This was following allegations that the platform was used to launder funds connected to the high-profile Bybit hack.
The exchange cited increasing pressure from authorities and internal consensus among its leadership team to withdraw from the market.
The controversy centers on claims that North Korea’s Lazarus Group laundered approximately $35 million through eXch. These funds were part of the estimated $1.4 billion stolen in a massive exploit targeting Bybit earlier this year.
eXch stated it had become the focus of an “active transatlantic operation” designed to dismantle its infrastructure and potentially bring legal charges against its operators.
The fallout from the Bybit hack, one of the largest in crypto history, has been significant. More than $5 billion in user withdrawals followed the breach.
DISCOVER: Best Meme Coin ICOs to Invest in April 2025
Join The 99Bitcoins News Discord Here For The Latest Market Updates
Key Takeaways
- Nearly 28% of the $1.4B stolen in the Bybit hack is now untraceable, having moved through mixers and bridges.
- Lazarus Group used platforms like Wasabi, Tornado Cash, and Thorchain to launder and swap stolen funds into BTC.
- Bybit’s Lazarus Bounty program has received over 5,400 tips as the exchange intensifies efforts to track the missing crypto.
The post Bybit CEO Says Over $390M Of Stolen $1.4B In Lazarus Hack Now Untraceable appeared first on 99Bitcoins.