News 
Coin Information 
About us 
Customer Service 
Bybit CEO Ben Zhou reported that nearly 28% of the $1.4 billion in crypto stolen during the February hack, attributed to North Korea’s Lazarus Group, has gone dark and is no longer traceable. Zhou detailed the breakdown on X, stating that out of approximately 500,000 ETH taken, 68.57% remains traceable, 27.59% is untraceable, and 3.84% has been frozen.
The untraceable assets were initially funneled into crypto mixers like Wasabi, then routed through cross-chain bridges and decentralized platforms including P2P and OTC exchanges. Additional laundering involved services like Railgun, Tornado Cash, and CryptoMixer. Eventually, the attackers performed cross-chain swaps through platforms such as Thorchain, eXch, Lombard, LiFi, Stargate, and SunSwap, ultimately converting the stolen ETH into more liquid assets.
Forensic analysis found that 84.45% of the stolen ETH, totaling 432,748 ETH, was converted into Bitcoin using Thorchain. Of this, 342,975 ETH (roughly $960 million) became 10,003 BTC, distributed across 35,772 wallets—averaging just 0.28 BTC each, making tracking more difficult. Another 1.17% of the funds, or 5,991 ETH (around $16.77 million), still resides on the Ethereum blockchain across 12,490 wallets.
In response, Bybit launched the Lazarus Bounty program to track these illicit flows, receiving 5,443 reports in two months, with only 70 verified. Zhou emphasized the need for more blockchain analysts to help decipher complex mixer activity and aid in fund recovery efforts.
Comment 0