Bybit Hacker Launders $1.04B of Stolen Funds Through THORChain, Some Assets May Still Be Recoverable

The attacker behind the $1.4 billion Bybit hack has successfully laundered all 499,395 ETH (worth approximately $1.04 billion) stolen during the February breach, primarily using the decentralized crosschain protocol THORChain. This represents the complete laundering of funds from what is now considered the largest cryptocurrency theft in history.

According to blockchain security firm Lookonchain, the laundering operation was completed as of March 4, with the hacker methodically moving the substantial ETH holdings through various channels to obscure their origin. "The #Bybit hacker has laundered all the stolen 499,395 $ETH($1.04B currently), mainly through #THORChain," Lookonchain reported in a post on X.

The February 21 breach involved the theft of over $1.4 billion in various tokens, including liquid-staked Ether (STETH), Mantle Staked ETH (mETH), and other ERC-20 tokens. Multiple blockchain analytics firms, including Arkham Intelligence, have attributed the attack to North Korea‘s Lazarus Group, a notorious Hacking collective known for targeting cryptocurrency platforms.

This laundering operation comes just two months after South Korean authorities imposed sanctions on 15 North Koreans allegedly involved in raising funds for North Korea‘s nuclear weapons program through cryptocurrency theft and cyber attacks.

Despite the comprehensive laundering effort, security experts maintain that recovery possibilities still exist. Deddy Lavid, co-founder and CEO of blockchain security firm Cyvers, offered a cautiously optimistic assessment: "While laundering through mixers and cross-chain swaps complicates recovery, Cybersecurity firms leveraging on-chain intelligence, AI-driven models, and collaboration with exchanges and regulators still have small opportunities to trace and potentially freeze assets."

Lavid emphasized that timing is crucial in such recovery efforts, adding, "Rapid response is key once funds are deeply obfuscated, recovery becomes significantly harder. The main stolen fund prevention is mainly before or during the hack."

On March 4, Bybit CEO Ben Zhou provided an update on the situation, confirming that approximately 77% of the stolen funds remain traceable, while over $280 million "has gone dark." Zhou noted that 3% of the stolen funds have been successfully frozen.

In a demonstration of financial resilience, Bybit honored all customer withdrawals following the attack and had fully replaced the stolen $1.4 billion in Ether by February 24, just three days after the security breach.

Security firms like Cyvers are working to develop preventative measures against similar attacks in the future. Michael Pearl, vice president of GTM strategy at Cyvers, told Cointelegraph about an emerging solution called offchain transaction validation, which could potentially prevent 99% of crypto hacks and scams by simulating and validating blockchain transactions in an offchain environment before execution.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

• Bitcoin Plunges Nearly 10% as Trump’s Cryptocurrency Reserve Plans Face Uncertainty
• Former Crypto Miner CoreWeave Files for IPO with $1.9 Billion Revenue
• Trump’s Crypto Reserve Promise Fizzles as ADA, XRP, SOL Plunge 21%
• CoinFerenceX: The First Decentralized Web3 Event Set to Revolutionize the Industry
• $280 Million of Stolen Bybit Funds Now “Gone Dark” as Recovery Efforts Continue