$380 Million in Crypto Looted in Bybit’s Massive Hack Has Disappeared Into the Shadows

Bybit Hack: $380M in Crypto Now Untraceable as Stolen Funds Disappear Through Mixers and Bridges

Nearly $380 million worth of crypto stolen during Bybit’s massive $1.4 billion hack has effectively vanished, according to a detailed post from the exchange’s CEO, Ben Zhou. The heist, orchestrated by North Korea’s infamous Lazarus Group, has entered a murky phase as a significant portion of the funds slip beyond forensic reach.

In an update shared Monday on X, Zhou confirmed that 27.59% of the stolen crypto has “gone dark,” funneled through a complex web of mixers, bridges, and peer-to-peer platforms that have thwarted tracking efforts. Roughly 68.57% of the assets remain traceable, while 3.84% have been frozen.

“Total hacked funds of USD 1.4bn — around 500k ETH. 68.57% remain traceable, 27.59% have gone dark, 3.84% have been frozen,” Zhou stated. “The untraceable funds primarily flowed into mixers, then through bridges to P2P and OTC platforms.”

The laundering trail began with services like Wasabi, Tornado Cash, Railgun, and CryptoMixer, which helped obscure the origin of funds. From there, the assets traveled through cross-chain bridges and DEXs, including Thorchain, Stargate, LiFi, SunSwap, Lombard, and eXch — ultimately emerging in the form of more liquid and less traceable assets.

Investigators revealed that the Lazarus Group initially drained 500,000 ETH from a compromised cold wallet. Of that, over 432,000 ETH — roughly 84% — was swapped into bitcoin via Thorchain. The converted funds, amounting to 10,003 BTC (around $960 million), were distributed across more than 35,000 wallets, each holding an average of just 0.28 BTC, likely to minimize detection.

A smaller portion — about 5,991 ETH (1.17% of the total, or roughly $16.8 million) — remains on Ethereum, spread across over 12,000 wallets.

To combat the laundering operation, Bybit launched the Lazarus Bounty program, which has so far received 5,443 tips. Of those, only 70 have been validated. Zhou stressed that more blockchain analysts and on-chain sleuths are needed to decode the increasingly complex mixer infrastructure: “We need a lot of help there down the road.”

The case underscores the evolving sophistication of state-sponsored crypto hacks — and the growing challenge of tracking digital assets once they’ve been laundered through decentralized infrastructure.