Bybit Exchange hack is witnessing some new updates from its CEO. The exchange is facing challenges in tracking down a major portion of the $1.4 billion (approximately 500,000 ETH) stolen in a major security breach.
According to a recent update from Bybit CEO Ben Zhou on April 21, 2025, 27.59% of the hacked funds have now “gone dark.” This meant that they can no longer be traced through blockchain analytics. While 68.57% of the stolen assets remain traceable, only 3.84% have been successfully frozen.
The untraceable funds have primarily flowed through a series of cryptocurrency mixers. They were being bridged to peer-to-peer (P2P) and over-the-counter (OTC) platforms, according to Zhou’s analysis. His April 21 executive summary of the Bybit crypto hack identified Wasabi as the main mixing service utilized by the attackers. He attributed these to the North Korean hacking group known as DPRK.
After washing Bitcoin through Wasabi, the hackers distributed smaller portions to additional mixing services including CryptoMixer, Tornado Cash, and Railgun. These mixers hide the transaction trail by combining the stolen funds with other cryptocurrencies.
Following the mixing process, the attackers used multiple cross-chain and swap services to further hide the origins of the funds. Zhou specifically mentioned platforms such as Thorchain, eXch, Lombard, LiFi, Stargate, and SunSwap as services used in this process. The final step involved converting the cryptocurrencies to fiat currencies through OTC or P2P exchange services.
The CEO’s update provides specific details on the movement of the stolen Ethereum. According to Zhou, 432,748 ETH (84.45% of the stolen amount, valued at approximately $1.21 billion) has been transferred from Ethereum to Bitcoin via Thorchain.
Of this total, 67.25% (342,975 ETH, or about $960.33 million) has been converted into 10,003 BTC. It is spread among 35,772 distinct wallets. Each wallet is holding an average of 0.28 BTC.
Only 1.17% of the stolen money (5,991 ETH, or about $16.77 million) remain on the Ethereum blockchain. The remaining ETH tokens were distributed over 12,490 wallets, with each wallet carrying an average of 0.48 ETH.
The movement of stolen funds converted to Bitcoin reveals a growing challenge for Bybit’s recovery efforts. According to Zhou’s April 21 report, 944 BTC was sent to the Wasabi Mixer. This marked a substantial increase from the March 30 update, when Zhou reported only 193 BTC had entered mixing services.
The Bybit exchange hackers have also been moving funds back and forth between blockchains. Zhou tweeted that 531 BTC has been transferred from Bitcoin back to the Ethereum network using Thorchain.
The CEO’s March 30 update had indicated that 86.29% of the stolen funds (440,091 ETH, valued at approximately $1.23 billion at the time) had been converted into 12,836 BTC distributed across 9,117 wallets, with each wallet holding an average of 1.41 BTC.
The April 21 update shows that the hackers have continued to distribute funds across more wallets, with the average BTC per wallet dropping from 1.41 to 0.28. Zhou specifically identified the decoding of mixer transactions as “the no.1 challenge we face now” in his March update.
The latest Bybit crypto hack report confirms this assessment, with the percentage of untraceable funds increasing from 7.59% to 27.59% in just three weeks.
Bybit has established a large bounty program to incentivize assistance in tracking and freezing the stolen assets. Branded as “LazarusBounty,” the program offers a total of $140 million, equivalent to 10% of the recovered funds.
According to the terms displayed on the bounty website, the bounty will be distributed with 5% going to the entity that successfully freezes the funds. Also, another 5% will go to the first reporters who helped to trace the funds.
Despite an enormous reward, the bounty program has not been working too well so far. The April 21 report by Zhou indicates that only 3.84% of the pilfered funds have been frozen, a modest increase from the 3.54% frozen on March 30.
The bounty initiative has drawn a lot of interest from the people who are experts in blockchain security. Zhou recommends that in the past 60 days, Bybit has received 5,443 bounty reports. However, only 70 (approximately 1.3%) of them were confirmed to be valid bounty reports.
The March 30 report showed there were 5,012 bounty reports filed within the past 30 days, 63 of which were good. The increased number of good reports (63 to 70) over the longer time interval (30 to 60 days) indicates there are fewer good reports being submitted.
The contents of this page are intended for general informational purposes and do not constitute financial, investment, or any other form of advice. Investing in or trading crypto assets carries the risk of financial loss. The forecasted data (also called “price prediction”) on this page are subject to change without notice and are not guaranteed to be accurate.
Subscribe to our newsletter to get the latest news and promotions.
Please note that our privacy policy, Terms and Conditions , cookies, and do not sell my personal information has been updated.
Bybit Exchange Hack: CEO Says 27.59% of Stolen Funds Have Gone Dark – The Coin Republic
