2 Minutes
Bybit’s Historic Cryptocurrency Theft: Funds Go Off the Radar
Three months after Bybit suffered one of the largest digital asset breaches in history, new blockchain analysis reveals that almost 50% of the stolen $1.4 billion in crypto has now become untraceable.
Data from Bybit indicates that $644 million—close to half of the exchange’s lost funds—has effectively vanished from on-chain visibility after being funneled through advanced cryptocurrency mixing services. As of the latest review, approximately $693 million (or 49.5% of the loot) still sits traceable on the blockchain, whereas law enforcement and cryptocurrency exchanges have managed to freeze about $63 million, representing just 4.5% of the total stolen assets.
Mixers and Privacy Wallets Obscure the Trail
Where Did the Stolen Crypto Go?
The laundered assets were systematically routed through various blockchain mixers and privacy wallets designed to obscure transaction flows and hinder tracking. The largest share—$247.5 million (approximately 966 BTC)—was processed via Wasabi Wallet, a well-known Bitcoin mixing service. Another sizable chunk, $94.1 million, was laundered through eXch, a mixer that publicly claimed closure in April yet remains operational according to recent blockchain forensics. Smaller amounts also moved through Ethereum-centric mixers, including $2.5 million via Tornado Cash and $1.7 million through Railgun.
Concerns Over eXch's Ongoing Operations
Despite its supposed shutdown, eXch continues to process transactions. Analysis from TRM Labs has shown that the service still operates via backend APIs, facilitating high levels of transactional anonymity. Mixers like eXch pool funds to such an extent that tracing the origin or final destination of transactions is almost impossible, making it a go-to tool for crypto criminals seeking to obfuscate stolen assets.
Bybit Breach Tied to Notorious North Korean Hackers
The security incident traces back to February, when the North Korean-linked TraderTraitor group exploited a Safe{Wallet} developer’s laptop. Malware hidden in a fraudulent Docker project, disguised as a 'stock investment simulator,' installed itself after a download on the developer's Mac. Using pilfered AWS session tokens and circumventing multi-factor authentication, the hackers accessed Bybit's digital wallets.
As authorities and blockchain security teams continue pursuing the stolen funds, this case underscores ongoing challenges in tracing laundered cryptocurrency through privacy protocols—heightening the call for tighter security and monitoring in the rapidly evolving blockchain and crypto exchange ecosystem.
Comments