The Bybit hack from February 2024 has left the crypto exchange with some serious problems to deal with.
And in an update that must have surely left a bitter taste for the exchange’s employees and investors, Bybit’s CEO Ben Zhou confirmed that the hackers have successfully laundered around $280 million of the $1.4 billion they took during the security breach. Zhou went on to paint a rosier picture, offering some hope of recovery for investors and employees. He said around $1.07 billion of the stolen funds is still “traceable.”
Possibly related: Huobi en español – The First Crypto Exchange in Latin America Language.
The exchange continues to investigate.
The hack that struck the widely used cryptocurrency exchange Bybit resulted in the theft of about 500,000 ETH. The stolen funds, our own Benjamin Powers now reports, were transferred across multiple platforms in an effort to obscure their origins—and Western authorities are now attempting to figure out just how those funds were laundered and to recover them.
The Breakdown of the Stolen Funds and Their Movement
Most of the $1.4 billion in stolen assets has been converted to Bitcoin via THORChain, a platform that facilitates cross-chain cryptocurrency swaps. Bybit claims to have carried out a detailed investigation into what occurred and when. According to this investigation and an accompanying report, 83% of the funds taken during the heist, or about 417,348 ETH, were converted to Bitcoin through 6,954 different wallets. Each of these wallets, according to the report, holds an average of 1.71 BTC. The coming week is very important for authorities because the BTC funds already converted are about to clear through various platforms and presentation-layer Bitcoin is offering quite a nice chance for the funds to get frozen. Once that chance has been missed, the investigation will get much harder.
The bulk of the funds can still be followed, but a part of the stolen ETH has gone dark. Exactly how much and how it went dark is what investigators want to know.
Of the missing funds, these amounts are untraceable:
• 79,655 ETH, around 16% of the total stolen assets, moved through the ExCH platform.
• 23,553 ETH, valued at $65 million, went through OKX’s Web3 proxy.
Even with the movements of these stolen funds presenting such a substantial challenge, Zhou remains optimistic. Why? Because 77% of the funds are still traceable. “That’s a significant window of opportunity right there for us to recover the funds and return them to the victims,” he said. The team’s efforts are now also being supported by a bounty program, which has led to some more recent success.
Efforts to Freeze the Stolen Funds and Ongoing Bounty Success
Apart from the advances made in following the stolen assets, the Bybit team has set up a bounty program that provides incentives to individuals and groups who help to freeze the laundered funds. Eleven parties have done enough work to be paid as bounty hunters. The three who have done the most work are Mantle, Paraswap, and ZachXBT, who together have helped recover about $2.18 million in USDT.
Tracking and freezing the stolen assets is absolutely critical if we are to shut down the asset pump in any substantial way. We have come up with a method for accomplishing that as much as is feasible today, and in any case, we’ve had success two times in the last handful of months: doing so twice in coordination with law enforcement. With these freezes, we have A) prevented forward movement of the assets, and B) in the next and final phase, we are doing everything we can to use these successes as waypoints on the road to recovering more of the $1.4 billion stolen via Maneuver.
Although $280 million is a large sum of money, and their loss is a significant setback for us, Zhou said, there is an ongoing and robust investigation that holds out the possibility of substantial recovery. The next few days and several weeks will be critical.
Exchanges and liquidity platforms are the last places where any still-trackable assets will be found. If authorities can act quickly to search these platforms, it may still be possible to recover a major portion of the assets that were taken.
Looking Ahead: The Fight to Recover the Funds
The ongoing investigation into the Bybit hack has the cryptocurrency industry on edge. The $1.4 billion theft points to the many vulnerabilities that exist in the digital asset space, especially when it comes to exchanges and DeFi protocols. Decentralized platforms are underused by ‘retail’ customers, and that makes them appealing to hackers. They can use these platforms to convert and obscure stolen assets without fear that the platforms will be shut down by law enforcement.
For Bybit, retrieving the stolen funds is priority number one. More than three-quarters of the stolen assets are still traceable, which is good news; but the situation is still very much in flux, and the outcome is uncertain. Every passing day sees both law enforcement and the crypto community efforts ramp up to prevent further losses and recover as much of the stolen funds as possible.
Meanwhile, the program that pays rewards for information on illicit activities will continue to play a pivotal role in freezing laundered funds; and it remains to be seen whether additional resources will be needed to track down the still untraceable portions of the stolen assets. The Bybit hack is a stark reminder of how secure the world of rapidly evolving cryptocurrency still needs to be.
Disclosure: This is not trading or investment advice. Always do your research before buying any cryptocurrency or investing in any services.
Follow us on Twitter @themerklehash to stay updated with the latest Crypto, NFT, AI, Cybersecurity, and Metaverse news!
