Bybit CEO Ben Zhou has revealed that while 77% of the approximately 500,000 ETH stolen in the recent hack remains traceable, 20% has "disappeared into the shadows," and only 3% has been successfully frozen.
A total of 417,348 ETH, valued at around $1 billion and accounting for 83% of the stolen assets, has already been converted into Bitcoin across 6,954 wallets - an average of 1.71 BTC per wallet.
Zhou emphasized that the current and upcoming weeks are critical for freezing the remaining assets, as the stolen coins are expected to be laundered through exchanges, OTC desks, and P2P platforms. Hackers have predominantly used THORChain to swap Ethereum for Bitcoin, making fund recovery more challenging.
Cross-Chain Transactions and the Challenge of Recovery
Bybit’s monitoring system has been able to track 361,255 ETH (approximately $900 million), representing 72% of the total stolen assets, as they moved through cross-chain protocols. However, 79,655 ETH (16% of the stolen funds) were laundered through the decentralized exchange ExCH.
Another 40,233 ETH ($100 million or 8% of the stolen funds) were funneled through the OKX Web3 Wallet proxy. Of this amount, Bybit analysts can still monitor 16,680 ETH, while information on the remaining 23,553 ETH ($65 million or 5% of the assets) remains inaccessible, requiring intervention from OKX Web3 Wallet specialists.
Bounty Program and Law Enforcement Involvement
Zhou also provided an update on Bybit’s bounty program. According to him, 11 participants contributed to freezing a portion of the stolen assets. Among those recognized were teams from Mantle and Paraswap, as well as on-chain analyst ZachXBT. In total, $2.18 million in USDT was distributed in bounty rewards.
The FBI has confirmed that the North Korean-linked hacking group TraderTraitor, also known as Lazarus Group, APT38, BlueNoroff, and Stardust Chollima, was responsible for the Bybit hack. U.S. authorities are now actively investigating the case, attempting to prevent further liquidation of the stolen funds.
Security Concerns and Industry Reactions
Following the attack, cryptographer Adam Back attributed the hack to "flaws in the EVM design," suggesting that vulnerabilities in Ethereum's smart contract architecture facilitated the breach.
Later, cybersecurity firm Sygnia reported that the attack was linked to a security flaw in Safe’s infrastructure, a widely used multi-signature wallet solution. The report sparked controversy in the industry, with Binance founder Changpeng Zhao openly criticizing the developer's assessment of the Bybit hack, arguing that deeper security failures might have played a role. As investigations continue and asset tracking intensifies, the cryptocurrency community remains on high alert, anticipating further developments in the case.
