Bybit’s CEO, Ben Zhou, has provided updates on the recovery of funds stolen during a major hack on the exchange. The incident, which occurred on February 21, involved approximately $1.4 billion worth of cryptocurrency, making it one of the largest hack on a centralized exchange in the crypto market. The attack, attributed to the Lazarus Group, resulted in the loss of 400,000 ETH-related tokens and other assets. Zhou stated that around 20% of the stolen funds have “gone dark,” while 77% remain traceable, and 3% have been frozen. Rising Concerns Over Decentralized Protocols Bybit CEO Zhou emphasized that the upcoming weeks are crucial for halting the hackers’ efforts to cash out through exchanges, over-the-counter platforms, and peer-to-peer channels. He noted that the stolen ETH tokens from Bybit is being rapidly converted into Bitcoin and moved across multiple wallets. The hackers predominantly used the decentralized liquidity protocol THORChain, accounting for 72% of the conversion activity. This has contributed to record weekly transaction volumes on THORChain, which reached over $4.5 billion according to data from DeFiLlama. The heavy use of THORChain by the attackers has triggered internal debates about the role of decentralized platforms in facilitating illicit transactions . One key THORChain member, TCB, announced his departure from the protocol, citing concerns over the significant volume of stolen funds being processed. TCB remarked that maintaining a fully decentralized, permissionless system becomes challenging when it is heavily exploited for laundering funds. A temporary vote to halt Ethereum transactions on THORChain has been proposed, but no final decision has been made. In contrast, other cross-chain platforms are taking more immediate action. Chainflip, another decentralized exchange, temporarily halted its swapping services upon detecting the hackers’ activities. The protocol also announced plans for new upgrades to prevent stolen funds from passing through its system. These moves reflect an ongoing tension between preserving the principles of decentralization and addressing the practical risks associated with allowing unrestricted fund flows. Bybit Challenges in Recovery Efforts As aforementioned, Zhou disclosed that significant portions of the stolen ether have become untraceable. For example, $79,655 ETH was processed through a non-KYC exchange called eXch, while another $100 million worth of ether flowed through the OKX Web3 proxy. 3.4.25 Executive Summary on Hacked Funds:Total hacked funds of USD 1.4bn around 500k ETH, 77% are still traceable, 20% has gone dark, 3% have been frozen.Breakdown:– 83% (417,348 ETH, ~$1B) have been converted into BTC with 6,954 wallets (Average 1.71 btc each) . This and… — Ben Zhou (@benbybit) March 4, 2025 Of this amount, $65 million remains untraceable pending further updates from OKX Web3. Meanwhile, the FBI has also urged exchanges and validators to cut off the Lazarus Group’s access , citing the group’s involvement in what it called the “biggest money heist in human history.” Featured image created with DALL-E, Chart from TradingView
