Bybit CEO Confirms $280 Million of Stolen Funds "Gone Dark" in Hack Recovery Efforts

Bybit CEO Ben Zhou has confirmed that 20% of the $1.4 billion in stolen funds from the exchange's February hack has gone dark, meaning it is no longer traceable. Zhou provided an update on the situation on March 4, revealing that while $280 million of the stolen funds has been laundered or sent to obscured platforms, $1.07 billion remains trackable. Investigators are continuing their efforts to recover the stolen assets and freeze further funds as they try to prevent the attackers from cashing out.

Breakdown of Stolen Funds

Zhou's update sheds light on the movement of the 500,000 ETH stolen during the hack, stating that 77% of the funds are still traceable. However, 20% of the stolen funds have been "laundered" or "mixed," making tracking more difficult, and 3% has been successfully frozen.

"Gone dark" refers to the 20% of stolen funds that have been successfully mixed or moved to platforms that obscure the origins of the transactions, a tactic often used by cybercriminals to hide illicit activity. In this case, North Korean hackers are believed to be behind the laundering efforts, further complicating the recovery process.

Investigators Race to Freeze More Assets

As the recovery effort intensifies, investigators have managed to freeze $42 million of the stolen funds, or about 3% of the total. However, much of the stolen assets, roughly $1 billion worth (or 417,348 ETH), have been converted into Bitcoin (BTC) and dispersed across 6,954 different wallets. This fragmentation makes it far harder for investigators to track and recover the assets.

According to Zhou, the next one to two weeks will be critical in the ongoing fight to freeze more stolen funds before the attackers attempt to cash out through cryptocurrency exchanges, over-the-counter (OTC) platforms, and peer-to-peer (P2P) transactions.

Tactics of the Hackers

The hackers have been primarily using decentralized exchanges like THORChain to cash out the stolen ETH and BTC. Other platforms, including ExCH and OKX Web3 Proxy, have also been used to move parts of the stolen funds.

Zhou also revealed that $65 million worth of stolen ETH could potentially be recovered with support from the OKX Wallet team. In recognition of the efforts to track and freeze the stolen assets, 11 bounty hunters have been rewarded a total of $2.1 million for their contribution to the investigation.

Ongoing Blockchain Forensics and Support from Experts

Blockchain analytics firm Elliptic identified more than 11,000 wallets linked to the Bybit hackers on February 25. Following this, Bybit engaged ZeroShadow, a Web3 security firm specializing in blockchain forensics, to assist in tracing and freezing the stolen funds. ZeroShadow’s expertise is pivotal in maximizing the recovery process and bringing the perpetrators to justice.

Conclusion

As the investigation continues, the Bybit hack remains one of the most significant cryptocurrency breaches to date, involving large-scale theft and sophisticated money-laundering efforts. While a significant portion of the stolen funds has been obscured and dispersed across multiple wallets, the ongoing efforts by investigators, bounty hunters, and blockchain security experts provide hope for the recovery of the remaining funds. With time running out, Bybit and its partners are pushing to prevent further losses and ensure that the hackers are held accountable for their actions.