Bybit Hack: $1.4 Billion Stolen Funds May Be Laundered Through Crypto Mixers

In a significant security breach, cryptocurrency exchange Bybit suffered a loss of approximately $1.4 billion in digital assets on February 21, 2025. The Bybit hack, now considered the largest crypto heist to date, has been linked to North Korea’s notorious Lazarus Group.

Lazarus Group’s Involvement and Laundering Techniques

Experts suggest that the stolen funds are likely to be laundered through crypto mixers, complicating recovery efforts.

Blockchain security firm Elliptic has attributed the hack to the Lazarus Group, a state-sponsored hacking collective known for targeting cryptocurrency platforms.

Elliptic’s analysis indicates that the group’s next step may be to use mixers to obfuscate the transaction trail. However, the substantial amount stolen may make this strategy difficult to carry out.

Historically, the Lazarus Group has utilized a characteristic pattern to launder stolen assets. Initially, they exchange pilfered tokens for native blockchain assets like Ether (ETH).

Subsequently, they engage in layering techniques, which involve transferring funds through numerous crypto wallets, utilizing cross-chain bridges to move assets across different blockchains, and employing decentralized exchanges to switch between various cryptocurrencies.

Mixers, such as Tornado Cash, are often used to further conceal the origins of the funds.

Immediate Actions and Ongoing Investigations

Within two hours of the breach, the stolen assets were dispersed into 50 separate wallets, each containing approximately 10,000 ETH.

Elliptic reports that these wallets are being systematically emptied, with at least 10% of the stolen funds already moved.
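
A defender-side sketch of how the dispersal described above (one source split into 50 wallets of roughly 10,000 ETH within two hours) can be flagged in transfer data. This is an added example, not code from Elliptic or Bybit; the tuple format, the thresholds and every address label are assumptions, and the sample data is constructed.

```python
from collections import defaultdict
from statistics import median

def find_fanouts(transfers, window_s=7200, min_recipients=20,
                 tolerance=0.05, min_total=100_000):
    """Flag senders that split funds into many near-equal outputs.
    transfers: iterable of (unix_ts, sender, recipient, amount_eth).
    All thresholds are illustrative assumptions, not tuned values.
    """
    by_sender = defaultdict(list)
    for ts, src, dst, amt in transfers:
        by_sender[src].append((ts, dst, amt))
    alerts = []
    for src, rows in by_sender.items():
        rows.sort()
        best, start = None, 0
        for end in range(len(rows)):
            # Slide the window start so it spans at most window_s seconds.
            while rows[end][0] - rows[start][0] > window_s:
                start += 1
            window = rows[start:end + 1]
            recipients = {dst for _, dst, _ in window}
            amounts = [amt for _, _, amt in window]
            mid = median(amounts)
            uniform = all(abs(a - mid) <= tolerance * mid for a in amounts)
            if (len(recipients) >= min_recipients and uniform
                    and sum(amounts) >= min_total
                    and (best is None or len(recipients) > best["recipients"])):
                best = {"sender": src, "recipients": len(recipients),
                        "total_eth": sum(amounts),
                        "span_s": window[-1][0] - window[0][0]}
        if best:
            alerts.append(best)
    return alerts

def sample_transfers():
    """Constructed data: labels and amounts are placeholders, not real addresses."""
    t0 = 1_700_000_000
    rows = [(t0 + 120 * i, "SRC_SPLIT", f"NEW_{i:02d}", 10_000.0 + i % 3)
            for i in range(50)]                      # 50 near-equal outputs
    rows += [(t0 + 60 * i, "HOT_WALLET", f"USER_{i:02d}", 0.5 * (i + 1))
             for i in range(50)]                     # varied withdrawals
    rows += [(t0 + 600 * i, "OTC_DESK", f"CP_{i}", 10_000.0)
             for i in range(5)]                      # uniform but few
    return rows

if __name__ == "__main__":
    for alert in find_fanouts(sample_transfers()):
        print(alert)
```

Only the constructed `SRC_SPLIT` sender is reported; the hot wallet fails the near-equal-amount check and the OTC desk has too few recipients.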

One particular service has emerged as a significant facilitator in this laundering process, allegedly refusing to halt the activity despite direct requests from Bybit.

In response to the attack, Bybit’s CEO, Ben Zhou, has assured customers that the exchange remains solvent and that all client assets are backed 1:1.

The company is collaborating with blockchain forensic experts to trace the stolen funds and has initiated a recovery bounty program, offering up to 10% of the recovered amount to individuals aiding in the retrieval of the assets.

Despite the breach, Bybit has managed to recover nearly 100% of the lost Ethereum through loans and over-the-counter deals.

The Bybit hack is not the only major crypto attack in recent times.

In a separate case, the U.S. Department of Justice has charged Canadian national Andean Medjedovic for hacking and laundering $65 million from two DeFi platforms, KyberSwap and Indexed Finance.

Medjedovic allegedly manipulated smart contracts to steal funds, similar to tactics used in past crypto heists.

The Bybit hack adds to a series of high-profile cryptocurrency thefts in recent years, with over $2.2 billion stolen from crypto platforms in 2024 alone.

As cybercriminals continue to refine their methods, the industry faces increasing pressure to enhance security protocols and develop more effective strategies to combat illicit activities.

In light of these events, stakeholders within the cryptocurrency ecosystem are urged to prioritize robust security measures.

Author: Jimmy Aki