Bybit Theft Update from CEO Ben Zhou
In a recent communication, Ben Zhou, the CEO of Bybit, provided an update regarding the significant theft that occurred on March 20, where approximately $1.4 billion, or around 500,000 ETH, was compromised. According to Zhou:
A substantial portion of the stolen assets, specifically 68.57%, can still be tracked, whereas 27.59% remain elusive, and 3.84% of the funds have been successfully frozen.
Analysis of Fund Movement
Analyzing the trajectory of these funds reveals that the untraceable portion primarily funneled into a mixer and then utilized a cross-chain bridge to move onto peer-to-peer (P2P) and off-exchange trading platforms. Insights indicate that the notorious North Korean hacking group has largely relied on the Wasabi mixer for these transactions. After being obscured in the Wasabi mixer, a fraction of the Bitcoin (BTC) was subsequently routed through CryptoMixer, Tornado Cash, and Railgun before exchanging across various platforms such as Thorchain, eXch, Lombard, LiFi, Stargate, and SunSwap. Ultimately, these funds transitioned into off-exchange trading and P2P fiat exchange services.
Ethereum and Bitcoin Movement
Examining the movement of Ethereum (ETH), a staggering 432,748 ETH—accounting for 84.45% of the total—was converted from Ethereum into Bitcoin via Thorchain. Of this converted amount, 342,975 ETH (or approximately $960 million) was exchanged for 10,003 Bitcoin, distributed across 35,772 wallets, averaging out to roughly 0.28 BTC per wallet. Additionally, 5,991 ETH (representing around $16.77 million) continues to sit in 12,490 wallets on the Ethereum blockchain, averaging 0.48 ETH per wallet.
For Bitcoin, 944 BTC, equaling about $90.62 million, was directed into the Wasabi mixer, while 531 BTC (equivalent to around 18,206 ETH, or 3.57%) returned to Ethereum through Thorchain.
Responses and Implications
The incident has prompted considerable interest, with over the past two months yielding 5,443 reports submitted regarding the theft. Among those, only 70 were deemed credible, underlining the need for skilled bounty hunters who can tackle the sophisticated technology of mixers.
The Bybit theft case not only highlights vulnerabilities within cryptocurrency exchanges but also accentuates the increasing sophistication of cybercriminals operating in the digital finance space, particularly those linked to state-sponsored groups.
