Bybit CEO Ben Zhou has revealed that over $200 million of the $1.46 billion stolen in a recent cyberattack has become untraceable. In a March 4 post on X, Zhou shared that 77% of the stolen funds are still trackable, but nearly 20% has “gone dark” after being laundered through mixing services.
How Hackers Laundered the Funds
The hackers primarily used THORChain, a cross-chain liquidity protocol, to convert Ethereum (ETH) into Bitcoin (BTC).
Key Findings from Bybit’s Investigation:
✔ 83% of the stolen funds (~$1 billion) were swapped into BTC across 6,954 wallets.
✔ 72% (~$900 million) passed through THORChain and is still traceable.
✔ 16% (~$160 million or 79,655 ETH) disappeared through ExCH, a centralized mixing service.
✔ $65 million remains untraceable due to missing data from OKX’s Web3 wallet.
Zhou stressed that the next two weeks are critical, as funds could start clearing through exchanges, OTC desks, and peer-to-peer (P2P) markets.
THORChain’s Role and Controversy
Unlike other protocols that blocked suspicious transactions, THORChain’s validators refused to act. This decision led to Pluto, a core contributor, resigning in protest. The lack of intervention has fueled criticism, as North Korea-linked hackers have exploited the platform for laundering stolen assets.
Efforts to Recover Stolen Crypto
So far, 11 entities, including Mantle, ParaSwap, and blockchain investigator ZachXBT, have helped freeze some of the stolen funds. Their efforts have led to over $2.1 million in bounty payouts.
Despite these efforts, Zhou stated that Bybit is still waiting for further updates on the remaining missing funds.
Final Thoughts
The Bybit hack underscores the ongoing security challenges in the crypto space. While a significant portion of the stolen funds remains trackable, the use of mixing services has made full recovery increasingly difficult.
What are your thoughts on THORChain’s role in this?
