North Korean hackers completely transfer the Bybit hack loot but recovery is not yet totally out of the question.
North Korean hackers sent shockwaves through the crypto and finance world on February 21 after stealing $1.5 billion worth of Ethereum from leading crypto exchange Bybit.
What’s more? In the fallout, these hackers have made quick work of laundering the loot—yet it may not be all doom and gloom.
Not all “Dark”?
As of Tuesday, March 4, the North Korean hackers have completely transferred out or swapped the 499,000 ETH stolen in the Bybit hack.
This is according to prominent on-chain sleuth Yujin, popularly known as “EmberCN.” In a Tuesday X post, the analyst noted that the process only took ten days. This is less than the “half a month” timeline the analyst initially predicted.
While this report paints a dire picture, all hope may not be lost. Notably, on Tuesday, Bybit CEO Ben Zhou disclosed that only 20% of the loot, roughly $300 million, “has gone dark.”
3.4.25 Executive Summary on Hacked Funds:
Total hacked funds of USD 1.4bn around 500k ETH, 77% are still traceable, 20% has gone dark, 3% have been frozen.
Breakdown:
– 83% (417,348 ETH, ~$1B) have been converted into BTC with 6,954 wallets (Average 1.71 btc each). This and…
— Ben Zhou (@benbybit) March 4, 2025
According to the Bybit chief, 77% of the loot is still traceable. This includes over 361,000 ETH worth about $900 million swapped for Bitcoin on THORChain and nearly 17,000 ETH worth over $35 million transferred through OKX’s Web3 wallet.
At the same time, Zhou noted that 3% of the total loot, roughly $45 million or 15,000 ETH, has been frozen.
Still, there is a sense of urgency around recovery efforts.
Critical Week
According to Zhou, this week and the next will be critical to recovering the loot from the Bybit hack. He stressed that the hackers will likely ramp up efforts to clear the loot through exchanges, peer-to-peer platforms, and over-the-counter services.
The exchange had launched a bounty program to aid recovery efforts, offering community members rewards for tips leading to freezing parts of the loot.
The Federal Bureau of Investigation also appears to be involved in the investigation. Last week, the agency released a statement confirming the involvement of North Korean state-sponsored actors in the hack while urging all crypto industry participants to collaborate in recovery efforts.
But recovery of the Bybit loot is unlikely to be a cakewalk. For one, the North Korean hackers are leveraging thousands of wallets to frustrate the investigation. At the same time, they are no strangers to mixing services and non-KYC exchange platforms.
Disclaimer: This content is informational and should not be considered financial advice. The views expressed in this article may include the author's personal opinions and do not reflect The Crypto Basic's opinion. Readers are encouraged to do thorough research before making any investment decisions. The Crypto Basic is not responsible for any financial losses.