- Nearly 28% of the $1.4 billion stolen by North Korea‘s Lazarus Group in the Bybit hack has become untraceable.
- Over 68% of the stolen funds remain traceable, while approximately 4% have been frozen by authorities.
- The Hackers converted most of the stolen ETH to Bitcoin and distributed it across more than 35,000 wallets to obscure the trail.
Bybit CEO Ben Zhou revealed Monday that nearly 28% of the $1.4 billion stolen from the cryptocurrency exchange by North Korea‘s Lazarus Group has become untraceable. The funds were laundered through cryptocurrency mixers and cross-chain bridges before moving to peer-to-peer and over-the-counter platforms.
“Total hacked funds of USD 1.4bn around 500k ETH. 68.57% remain traceable, 27.59% have gone dark, 3.84% have been frozen,” Zhou stated in an executive summary shared on X. The report details how hackers utilized multiple crypto mixers including Wasabi, Railgun, Tornado Cash, and CryptoMixer to obscure transaction trails.
Complex Money Movement Patterns
The North Korean hackers executed sophisticated cross-chain swaps through various platforms including Thorchain, eXch, Lombard, LiFi, Stargate, and SunSwap. According to forensic analysis, approximately 84.45% of the stolen funds (432,748 ETH) were converted from Ethereum to Bitcoin via Thorchain.
Of particular note, 67.25% of the stolen assets—equivalent to 342,975 ETH (roughly $960.33 million)—have been converted into 10,003 BTC and strategically distributed across 35,772 different wallets, with an average of just 0.28 BTC per wallet to minimize detection. Meanwhile, 1.17% of the stolen funds (5,991 ETH or about $16.77 million) remain on the Ethereum blockchain, spread across 12,490 different wallets.
Ongoing Recovery Efforts
The February hack saw the Lazarus Group gain “control of the specific ETH cold wallet and transferring all the ETH in the cold wallet to this unidentified address,” according to Bybit’s report. The cryptocurrency exchange has since launched a bounty initiative to track the stolen funds.
Zhou noted that the Lazarus Bounty initiative has received 5,443 bounty reports in two months, though only 70 have been validated as legitimate. “We need more bounty hunters that can decode mixers as we need a lot of help there down the road,” the Bybit CEO emphasized, highlighting the challenge of tracking funds once they’ve been processed through cryptocurrency mixers.
The case underscores the growing sophistication of North Korean Hacking operations targeting cryptocurrency platforms, as well as the challenges exchanges face in recovering stolen digital assets once they’ve been laundered through decentralized systems.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
Previous Articles:
- Bitcoin Whale Wallets Surge to 4-Month High Amid Accumulation Frenzy
- Strategy Co-Founder Hints at New Bitcoin Purchase as Holdings Grow
- Crypto Gaming’s “Tap to Earn” Trend Explodes Amid Solana Game Pass Launch
- Bitcoin Mining Revenue Hits Five-Year Low Despite $84K BTC Price
- Buterin Proposes RISC-V to Replace EVM for Faster Ethereum Network
