The hacker responsible for the largest crypto theft in history has successfully laundered 100% of the stolen funds, primarily using cross-chain protocols to obscure their movement. However, blockchain security experts suggest that a small portion of the funds may still be traced and recovered through advanced tracking techniques.
📉 The Largest Crypto Hack in History
On February 21, 2025, Bybit suffered an exploit that resulted in the theft of over $1.4 billion worth of digital assets, including:
🔹 500,000 ETH
🔹 Liquid-staked Ether (stETH)
🔹 Mantle Staked ETH (mETH)
🔹 Various ERC-20 tokens
This Bybit exploit now ranks as the largest crypto theft on record, surpassing previous high-profile exchange and protocol hacks.
🌍 The Final Move: Bybit Hacker Launders All Stolen ETH
In a March 4 update, blockchain security firm Lookonchain confirmed that all 499,395 stolen ETH—worth over $1.04 billion—had been laundered, primarily through THORChain, a decentralized cross-chain liquidity protocol.
📝 Lookonchain’s statement on X:
“The #Bybit hacker has laundered all the stolen 499,395 $ETH ($1.04B currently), mainly through #THORChain.”
🚨 How was the laundering executed?
The hacker rapidly moved funds across multiple protocols and chains, using decentralized platforms to swap and convert the assets and obscure their origins. This sophisticated onchain laundering method enabled the North Korea-affiliated Lazarus Group to bypass traditional exchange oversight.
🚨 North Korea’s Lazarus Group Suspected
Several blockchain analytics firms, including Arkham Intelligence, have identified North Korea’s Lazarus Group as the primary culprit behind the Bybit exploit.
This attack aligns with previous cybercrimes linked to Lazarus, which has reportedly generated billions for North Korea’s nuclear weapons development program through crypto heists, cyber intrusions, and financial fraud.
🌎 Sanctions & Crackdowns:
🔹 South Korean authorities recently sanctioned 15 North Koreans suspected of funding North Korea’s weapons programs via crypto thefts.
🔹 U.S. and European regulators continue tightening security and tracking measures against known Lazarus Group wallets.
💡 Can Any of the Funds Be Recovered?
Although the funds have been laundered, blockchain security experts remain hopeful that some of the assets may still be frozen or traced.
Deddy Lavid, Co-Founder and CEO of Cyvers, shared insights on how modern tracking tools could potentially recover a portion of the assets:
🔍 “While laundering through mixers and cross-chain swaps complicates recovery, cybersecurity firms leveraging on-chain intelligence, AI-driven models, and collaboration with exchanges and regulators still have small opportunities to trace and potentially freeze assets.”
💡 Key Takeaways:
💠 Speed is crucial. Once funds are deeply mixed, recovery becomes significantly harder.
💠 Exchange cooperation is necessary—without regulatory intervention, traceability efforts face challenges.
📊 Bybit CEO Confirms Some Funds Are Still Trackable
On March 4, Bybit CEO Ben Zhou revealed that:
✅ 77% of the funds remain traceable
⛔ Over $280 million has gone completely dark
🔒 3% of the funds have been frozen
While the hacker has moved the majority of the stolen funds, Bybit is actively working with law enforcement agencies and blockchain security firms to identify any weak points in the laundering process.
🚀 Bybit’s Response & Future Security Measures
Despite the record-breaking exploit, Bybit took immediate steps to protect user funds:
🔹 All customer withdrawals were honored.
🔹 Bybit replaced the stolen $1.4B in ETH within just three days (by Feb. 24).
🔹 Bybit has ramped up security partnerships with blockchain forensic experts to monitor future threats.
📢 Crypto security firm Cyvers is also developing new defense mechanisms to prevent future large-scale exploits.
One potential solution? Offchain transaction validation, a system that could detect and prevent 99% of hacks and scams before they occur.
📌 The Future of Crypto Security
This historic Bybit hack underscores the ongoing cybersecurity vulnerabilities in the crypto space.
🔹 Exchanges must prioritize stronger security frameworks to prevent high-profile hacks.
🔹 Regulators must improve global cooperation to combat crypto-based financial crime.
🔹 The crypto community must remain vigilant against emerging threats.
The fight isn’t over yet—while 100% of the stolen funds have been laundered, ongoing tracking efforts may still uncover hidden opportunities for fund recovery.
💡 What’s next? Stay tuned for further updates on security breakthroughs and Bybit’s ongoing response to this unprecedented attack. 🚀