Bybit Faces Massive Hack, But Most Funds Are Still Traceable According to CEO Ben Zhou
Bybit, one of the world’s largest cryptocurrency exchanges, is grappling with the aftermath of a massive hack that saw $1.4 billion worth of crypto stolen by the infamous Lazarus Group. According to Bybit CEO Ben Zhou, 88.87% of the stolen assets remain traceable, despite efforts by the North Korean-linked hackers to cover their tracks through Bitcoin mixers and peer-to-peer vendors.
Zhou disclosed that the stolen assets, which included 500,000 ETH, have largely been converted into 12,836 BTC and are currently spread across 9,117 wallets. In an update shared via X, he noted that while 3.54% of the funds have been successfully frozen, 7.59% have already vanished into the dark web. The rest, Zhou asserts, are still within reach, but the clock is ticking.
North Korea’s Bitcoin Holdings Surge
The aftermath of the hack has placed North Korea in an unprecedented position within the crypto world. With the stolen assets, the country now controls 13,562 BTC, valued at over $1.14 billion. This places North Korea third among global Bitcoin holders, trailing only the United States, which holds 198,109 BTC worth $16.71 billion, and the United Kingdom, which possesses 61,245 BTC valued at $5.17 billion.
Countries like Bhutan and El Salvador have been pushed further down the list, with holdings of 10,635 BTC and 6,117 BTC, respectively. The sudden increase in North Korea’s Bitcoin holdings has raised alarms within the global financial community, especially given the timing. The heist occurred just days before Donald Trump signed an executive order establishing the Strategic Bitcoin Reserve (SBR), fueling speculation about Pyongyang’s long-term crypto strategy.
How Hackers Used Mixers to Launder Stolen Funds
Zhou’s detailed breakdown revealed that approximately 86.29% of the stolen assets—around $1.23 billion worth of ETH—were quickly converted into Bitcoin. The hackers then distributed the Bitcoin across thousands of wallets, using mixers like Wasabi to obscure the origins of the funds.
The process of laundering through mixers has made tracking incredibly difficult. Zhou admitted that this technique presents the most significant challenge in recovering the assets. Despite this, he remains optimistic, urging bounty hunters to assist in decrypting transactions. Bybit has already received over 5,000 bounty reports, though only 63 were deemed valid.
Missed Warnings and Security Lapses
The attack has brought Bybit’s security practices under scrutiny. Zhou acknowledged that the exchange had warnings about compatibility issues with Safe, the compromised software, months before the breach occurred. According to him, Bybit’s internal systems had detected that Safe was not fully compatible with the platform’s security framework. Despite these warnings, the necessary upgrades were not made in time.
Safe’s chief product officer, Rahul Rumalla, defended the software, stating that new security features had been introduced before the breach. However, Bybit’s internal audit revealed a more troubling picture. Hackers had gained access to Safe’s system through a compromised developer’s computer, enabling them to plant malicious code and manipulate transactions. The final strike came through a fraudulent transaction request approved by Zhou himself, which instantly drained $1.5 billion from the exchange.
Fallout and Market Reaction
The impact of the hack was immediate and severe. Despite Zhou’s assurances that Bybit remained solvent and could cover the loss, panic withdrawals saw nearly $10 billion pulled from the platform within hours. The broader crypto market also took a hit, as investors reacted to the news with heightened caution.
Amid the chaos, other exchanges stepped in to provide support. Bitget CEO Gracy Chen extended a 40,000 ETH loan to Bybit—worth approximately $100 million—without interest or collateral. Her statement emphasized trust in Bybit’s ability to recover and repay the loan.
While providing updates on X, Zhou even shared a light-hearted moment, posting a screenshot of his health app showing unusually low stress levels. He attributed it to being too focused on managing crisis meetings to feel the full weight of the situation.
The Ongoing Battle to Recover Funds
Despite efforts to freeze stolen assets and track funds through mixers, the battle is far from over. Lazarus Group continues to move the funds, using increasingly sophisticated techniques to evade detection. The use of mixers and peer-to-peer networks complicates efforts to trace and recover the assets.
Bybit’s leadership is now urgently working to improve its security framework, acknowledging previous shortcomings while appealing to the crypto community for help. Zhou’s call for bounty hunters is just one part of a broader strategy aimed at recovering the remaining funds.
The incident serves as a stark reminder of the vulnerabilities that still plague the fintech industry. Whether Bybit can successfully recover the stolen assets remains uncertain, but one thing is clear: the crypto world is paying close attention to what happens next.