In a recent update shared via X, Bybit CEO Ben Zhou revealed that approximately 27.59% of the $1.4 billion in cryptocurrency stolen from the exchange has become untraceable, marking a significant development in one of the largest hacks ever to hit a centralized crypto exchange.
The update from Bybit’s CEO highlights the growing challenge of tracking the stolen funds, which were siphoned off in a sophisticated attack attributed to the North Korea-backed Lazarus Group.
4.21.25 Executive Summary on Hacked Funds:
Total hacked funds of USD 1.4bn around 500k ETH. 68.57% remain traceable, 27.59% have gone dark, 3.84% have been frozen. The untraceable funds primarily flowed into mixers then through bridges to P2P and OTC platforms.
Recently, we have…— Ben Zhou (@benbybit) April 21, 2025
As widely reported, the February 21 hack saw Bybit lose around 400,000 ETH and 113,000 ETH-related tokens, making it a landmark breach in the crypto industry.
At the time, Zhou and his team vowed to pursue the stolen assets, leveraging blockchain’s transparency to trace the funds.
However, the latest figures show a stark reduction in traceability.
In a March 4 update, Zhou noted that 77% of the stolen crypto remained traceable.
Now, that figure has dropped to 68.57%, with only 3.84% of the funds frozen, leaving a significant portion—roughly $386 million—effectively “gone dark.”
Zhou detailed the methods used by the hackers to obscure the funds, explaining that the untraceable portion primarily flowed through cryptocurrency mixers, cross-chain bridges, and peer-to-peer (P2P) or over-the-counter (OTC) platforms.
Mixers, which blend illicit funds with legitimate ones to obscure their origins, have been a key tool in the hackers’ arsenal.
The Bybit CEO pointed to the bitcoin mixer Wasabi as a primary conduit, with stolen tokens converted to BTC and then funneled into other mixing services like CryptoMixer, Tornado Cash, and Railgun.
The laundering process didn’t stop there.
Zhou outlined how the hackers employed multiple cross-chain and swap services to further muddy the trail, using platforms such as Thorchain, eXch, Lombard, LiFi, Stargate, and SunSwap.
These services have reportedly allowed the attackers to move funds across different blockchains, making it harder for investigators to follow.
Ultimately, the stolen crypto was converted into fiat currency through P2P and OTC exchange services, effectively integrating it into the broader financial system.
The Bybit hack underscores the persistent threat posed by state-sponsored hacking groups like Lazarus, known for their advanced tactics and malware-driven attacks.
The group’s ability to exploit centralized exchanges, which serve as critical hubs for crypto trading, highlights ongoing vulnerabilities in the sector.
Despite blockchain’s inherent traceability, the use of mixers and cross-chain services has proven effective in thwarting recovery efforts, raising concerns about the adequacy of current anti-money laundering measures in the crypto space.
For Bybit, the loss of traceability for over a quarter of the stolen funds is a major setback, though Zhou’s updates suggest that the crypto exchange remains committed to pursuing the hackers as best as they can.
The frozen 3.84%—approximately $53 million—offers some hope, but the broader trend indicates that recovering the full amount may be increasingly difficult (if not impossible).