Bybit CEO Ben Zhou has provided a crucial update on the largest crypto hack in history, detailing the movement of the stolen $1.4 billion. While 77% of the funds remain traceable, 20% have gone dark, and 3% have been frozen.

Stolen Funds Converted to Bitcoin

Zhou revealed that 83% of the stolen assets—417,348 ETH worth $1 billion—were converted into Bitcoin across 6,954 wallets. This averages around 1.71 BTC per wallet, making tracking more complex.

A major portion, 361,255 ETH ($900 million), was processed through THORChain, but these transactions remain traceable. However, 79,655 ETH ($100 million) moved through OKX Web3 proxy wallets, with 16,680 ETH still traceable and 23,553 ETH ($65 million) considered untraceable unless OKX Web3 provides further data.

Efforts to Freeze the Funds

Bybit has partnered with 11 entities, including Mantle, Paraswap, and blockchain investigator ZachXBT, to track and freeze the stolen funds. So far, $2.18 million in USDT has been paid to bounty hunters assisting in the recovery process.

The exchange has also launched a dedicated website to monitor the movement of stolen assets. This site has identified seven cooperative exchanges aiding in freezing funds. However, one platform, eXch, a no-KYC swap service, has refused to comply, denying any involvement in laundering stolen assets.

Chainflip’s Security Upgrade to Block Hackers

In response to the attack, Chainflip, a cross-chain DEX, is rolling out a protocol upgrade (v1.7.10) to block hackers from using its platform for laundering stolen funds.

This update introduces enhanced screening tools that enable broker operators—including SwapKit and the Rango DEX aggregator—to reject suspicious ETH and ERC-20 deposits. Chainflip emphasized that allowing illicit transactions could pose risks to liquidity providers (LPs).

How the Hack Happened?

The Bybit hack, which occurred on February 21, 2025, was executed through a sophisticated attack on the exchange’s multi-signature approval process. Hackers used a fake user interface to hide a malicious smart contract, successfully draining a significant portion of Bybit’s Ethereum reserves.

The next week is expected to be critical as hackers attempt to move funds through exchanges, OTC desks, and peer-to-peer platforms. The crypto community remains on high alert, working together to track, freeze, and recover the stolen assets.