The majority of the funds compromised in the Bybit breach can still be tracked as blockchain analysts work diligently to freeze and recover the assets involved.
On February 21, the crypto sector was shaken by an unprecedented hack that resulted in Bybit losing over $1.4 billion in liquid-staked Ether (stETH), Mantle Staked ETH (mETH), and various other digital currencies.
Investigation teams from blockchain security firms have pointed to North Korea’s Lazarus Group as the main suspect behind the attack, as the perpetrators continue to exchange the stolen assets in a bid to obscure their trail.
Yet, despite the Lazarus Group’s attempts, more than 88% of the pilfered $1.4 billion is still traceable, according to Bybit’s co-founder and CEO.
In a post shared on March 20, the CEO stated:
“Total hacked funds of USD 1.4bn around 500k ETH. 88.87% remain traceable, 7.59% have gone dark, 3.54% have been frozen.”
Furthermore, he noted that “86.29% (440,091 ETH, approximately $1.23B) have been converted into 12,836 BTC across 9,117 wallets (average 1.41 BTC each),” explaining that the funds were mainly transferred through various Bitcoin (BTC) mixers such as Wasbi, CryptoMixer, Railgun, and Tornado Cash.
Source: Ben Zhou
This update from the CEO arrives nearly a month following the exploit, during which it took the Lazarus Group just 10 days to launder the entirety of the stolen funds via the decentralized crosschain protocol THORChain, as reported earlier.
Nonetheless, blockchain security experts remain optimistic that a portion of the stolen funds can still be frozen and recovered.
Related: Can Ether climb above $3K after Bybit’s staggering $1.4B hack?
The crypto landscape is in dire need of more blockchain “bounty hunters” and ethical hackers to counteract the rising illegal activities linked to North Korean factions.
According to the CEO, discerning transaction patterns through cryptocurrency mixers poses the most significant challenge in tracing these assets, declaring:
“In the past 30 days, we received 5012 bounty reports, of which 63 were valid. We welcome more reports and need more bounty hunters who can decode mixers as we require significant assistance moving forward.”
Bybit has rewarded $2.2 million to bounty hunters targeting Lazarus
Bybit has allocated over $2.2 million to 12 bounty hunters for their contributions in providing information that could aid in freezing the funds, as stated on a dedicated website for tracking bounty payouts.
The exchange is offering a 10% reward of the recovered assets to white hat hackers and investigators.
Bybit’s bounty payout details for the Lazarus-related hack.
Related: The Bybit exploit reveals security vulnerabilities in centralized crypto exchanges
The Bybit incident underscores that even centralized exchanges with robust security measures can still fall prey to sophisticated cyber offenses, as noted by analysts.
“This event serves as a stark reminder that even the most secure systems can be compromised due to human error,” commented an analyst from Trezor.
The analyst elaborated that the attackers utilized advanced social engineering tactics, tricking signers into approving a malicious transaction that siphoned crypto from one of Bybit’s cold wallets.
With more than double the scale of the $600 million Poly Network hack in August 2021, the Bybit breach stands as the largest crypto exchange security failure recorded to date.
Magazine: Trump’s crypto ventures stir conflict of interest, insider trading inquiries