BTC
$84,041.32
–
8.60%
ETH
$2,103.10
–
10.47%
USDT
$0.9998
–
0.01%
XRP
$2.3680
–
8.58%
BNB
$567.22
–
5.50%
SOL
$137.47
–
14.25%
USDC
$1.0004
+
0.01%
ADA
$0.8144
–
15.07%
DOGE
$0.1935
–
11.75%
TRX
$0.2342
–
2.82%
WBTC
$83,905.87
–
8.61%
HBAR
$0.2338
–
6.02%
LEO
$9.9585
–
0.03%
LINK
$13.84
–
14.56%
XLM
$0.2867
–
12.19%
AVAX
$20.18
–
13.82%
LTC
$103.25
–
11.27%
SUI
$2.4437
–
16.63%
TON
$3.0628
–
9.05%
SHIB
$0.0₄1280
–
9.18%
Some 417,348 ETH, valued at approximately $1 billion remain traceable on the blockchain after being moved using privacy-focused THORChain.
By Shaurya Malwa|Edited by Parikshit Mishra
Mar 4, 2025, 9:06 a.m. UTC
What to know:
- Over 77% of stolen funds from Bybit hack remain traceable, 20% have gone dark.
- Hackers converted 83% of the stolen ETH into BTC, distributing it across 6,954 wallets.
- North Korean group Lazarus targeted Bybit, stealing billions in customer assets.
Over 77% of the funds stolen in a record hack on crypto exchange Bybit remain traceable, while 20% have “gone dark” and are untraceable, CEO Ben Zhou said in an update on X early Tuesday.
“This and the coming week is critical for fund freezing as the funds will start to clear at exchanges, otc and p2p,” Zhou said, referring to the hackers’ efforts of laundering the money and converting it to cash.
STORY CONTINUES BELOW
Some 417,348 ether (ETH), valued at approximately $1 billion remain traceable on the blockchain after being moved using privacy-focused THORChain. Another 20% of the funds, roughly 79,655 ETH or $200 million, have “gone dark” through ExCH.
A smaller portion, 40,233 ETH or $100 million, had passed through OKX’s web3 proxy, but 23,553 ETH, worth $65 million, remain untraceable.
Zhou said the hackers converted 83% of the stolen ETH — 361,255 ETH; or $900 million — into BTC, distributing it across 6,954 wallets, with an average of 1.71 BTC per wallet using THORChain.
THORChain has processed $4.66 billion in swaps in the week ending March 2, the highest tally on record, according to data source DefiLlama — making it over $5.5 million in fees from the illicit flows.
North Korean hacking group Lazarus targeted Bybit in late February by injecting malicious code into SafeWallet, a third-party wallet platform used by the exchange, to steal billions in customer assets from the exchange.
The attackers compromised a developer’s device, enabling them to manipulate a routine wallet transfer and siphon off nearly $1.5 billion in ETH.
Bybit fully returned to a 1:1 backing of client assets days after the attack, as CoinDesk previously reported. Address activity suggests more than $400 million were purchased through over-the-counter trading, with another $300 million brought directly from exchanges.
Shaurya is the Co-Leader of the CoinDesk tokens and data team in Asia with a focus on crypto derivatives, DeFi, market microstructure, and protocol analysis.
Shaurya holds over $1,000 in BTC, ETH, SOL, AVAX, SUSHI, CRV, NEAR, YFI, YFII, SHIB, DOGE, USDT, USDC, BNB, MANA, MLN, LINK, XMR, ALGO, VET, CAKE, AAVE, COMP, ROOK, TRX, SNX, RUNE, FTM, ZIL, KSM, ENJ, CKB, JOE, GHST, PERP, BTRFLY, OHM, BANANA, ROME, BURGER, SPIRIT, and ORCA.
He provides over $1,000 to liquidity pools on Compound, Curve, SushiSwap, PancakeSwap, BurgerSwap, Orca, AnySwap, SpiritSwap, Rook Protocol, Yearn Finance, Synthetix, Harvest, Redacted Cartel, OlympusDAO, Rome, Trader Joe, and SUN.
