An on-chain analyst asserts that the Bybit hack perpetrators could launder the stolen Ethereum tokens within two weeks.
Hackers stunned the crypto community on Friday, February 21, by stealing $1.5 billion in Ethereum from leading crypto exchange Bybit in what has been described as the largest digital heist in history.
However, while the crypto market tries to pick up the pieces after the event, the culprits are already making quick work of moving the funds.
Bybit Hackers on the Move
“Half a month” or two weeks.
That’s how fast it could take the Bybit hackers to finish laundering funds stolen from the exchange, according to prominent on-chain analyst Yujin, popularly known as “EmberCN.”
The analyst based this view on the current pace at which hackers were moving the stolen assets. In an X post on Tuesday, February 25, they highlighted that the hackers had already moved 89,500 ETH worth roughly $224 million, or about 18% of the 499,000 ETH loot in the past two and a half days.
“If the frequency continues, the hacker will be able to exchange the remaining 410,000 ETH for other assets (BTC/DAI, etc.) in half a month,” the analyst’s translated statement read.
EmberCN further noted that the hackers have carried out most of the asset swaps on the embattled DeFi Layer-1 chain THORChain.
What You Need to Know About the Bybit Hack
For context, prominent on-chain sleuth ZachXBT was the first to draw attention to abnormal Ethereum outflows from Bybit on Friday, with the exchange’s CEO Ben Zhou confirming the exploit moments later.
Zhou explained that hackers were able to take control of the exchange’s Ethereum cold wallet by tricking signers of its wallet into signing a malicious transaction masked as a benign transfer from the cold wallet to the exchange’s hot wallet.
Bybit ETH multisig cold wallet just made a transfer to our warm wallet about 1 hr ago. It appears that this specific transaction was musked, all the signers saw the musked UI which showed the correct address and the URL was from @safe . However the signing message was to change…
— Ben Zhou (@benbybit) February 21, 2025
The exploit has since been attributed to North Korean hackers.
At the time of writing, Bybit claims that it has already covered the hole sparked by the theft. Crypto tracking service Lookonchain has suggested that the fresh ETH comes from a mix of “loans, whale deposits, and ETH purchases.”
DisClamier: This content is informational and should not be considered financial advice. The views expressed in this article may include the author's personal opinions and do not reflect The Crypto Basic opinion. Readers are encouraged to do thorough research before making any investment decisions. The Crypto Basic is not responsible for any financial losses.
