The hackers have moved 54% of the $1.4 billion stolen from Bybit, using cross-chain platforms like THORChain.
By Chimamanda U. Martha
Edited by Marco T. Lanz
Updated
3 mins read
Hackers responsible for the Bybit exploit have continued to launder stolen funds, moving over $605 million in Ethereum ETH $1 576 24h volatility: 1.3% Market cap: $190.13 B Vol. 24h: $6.68 B despite their identities being unmasked by blockchain security firms.
Following the historic Bybit hack last Friday, blockchain security firms, including Elliptic and Arkham Intelligence, identified North Korea’s Lazarus Group as the perpetrators. The notorious cybercriminal syndicate has been behind some of the most high-profile crypto heists, including the $540 million Ronin Network exploit in 2022.
Despite their identities being revealed, the hackers have pressed ahead with laundering their stolen funds. As of February 28, they have transferred approximately 270,000 ETH, worth around $605 million. The figure represents 54% of the $1.4 billion stolen from the exchange.
The #Bybit hacker is laundering funds via #THORChain!
So far, the #Bybit hacker has laundered 270K $ETH($605M, 54% of the stolen funds) and still holds 229,395 $ETH($514M). pic.twitter.com/NtcKUpxsxc
— Lookonchain (@lookonchain) February 28, 2025
The laundering efforts began shortly after the attack on February 21. By February 25, the group had already moved around $335 million of the stolen assets.
At the time, blockchain analyst EmberCN said the hackers still controlled 363,900 ETH, valued at approximately $900 million, in their wallet.
Historically, Lazarus Group has used decentralized cross-chain protocols like THORChain to obscure transactions and evade tracking. Since the Bybit hack, THORChain has seen a significant surge in activity, processing over $1 billion in transactions within just a few days.
While the crypto industry continues to enhance security measures, sophisticated hackers continue to exploit vulnerabilities. In Bybit’s case, the attackers gained access by compromising Safe Wallet, a popular multi-signature wallet provider.
According to blockchain security firm Sygnia, the breach stemmed from malicious code embedded in Safe Wallet’s infrastructure. The hackers planted the exploit and waited for an opportunity to infiltrate Bybit’s systems.
In response, Safe Wallet acknowledged Sygnia’s findings on X, assuring users that their assets remain secure and unaffected by the exploit.
“The Safe Wallet team has fully rebuilt, reconfigured all infrastructure, and rotated all credentials, ensuring the attack vector is fully eliminated.” Safe said, adding that Sygnia’s report did not find any vulnerabilities in the Safe smart contracts or source code.
While Bybit continues to operate with no disruptions on both deposits and withdrawals, the company has taken the fight directly to the notorious North Korean hackers. Earlier this week, the company launched a bounty program dubbed lazarusbounty.com, to help recover the stolen funds.
Bybit CEO Ben Zhou said the program will reward those helping to catch the perpetrators. So far, the initiative has handed out more than $4 million in rewards to those who have helped Bybit in its quest to claw back its stolen Ethereum.
He also revealed plans to expand the program to assist other victims of Lazarus Group’s attacks, vowing to persist in the fight against cybercriminals.
Disclaimer: Coinspeaker is committed to providing unbiased and transparent reporting. This article aims to deliver accurate and timely information but should not be taken as financial or investment advice. Since market conditions can change rapidly, we encourage you to verify information on your own and consult with a professional before making any decisions based on this content.
Chimamanda is a crypto enthusiast and experienced writer focusing on the dynamic world of cryptocurrencies. She joined the industry in 2019 and has since developed an interest in the emerging economy. She combines her passion for blockchain technology with her love for travel and food, bringing a fresh and engaging perspective to her work.
