A hacker responsible for the largest crypto heist in history has successfully laundered over $1.04 billion worth of stolen funds in just ten days. Despite this, blockchain security experts remain optimistic that a small portion of the assets may still be traced and recovered.

Bybit Suffers Historic $1.4 Billion Hack

On 21 February, cryptocurrency exchange Bybit suffered a devastating cyberattack that resulted in the theft of over $1.4 billion worth of liquid-staked Ether (stETH), Mantle Staked ETH (mETH), and other ERC-20 tokens. The breach marks the largest crypto theft to date.

Since the attack, the perpetrator has moved all 500,000 stolen Ether (ETH), now valued at approximately $1.04 billion, through the decentralised cross-chain protocol THORChain, according to blockchain security firm Lookonchain.

“The #Bybit hacker has laundered all the stolen 499,395 $ETH ($1.04B currently), mainly through #THORChain,” Lookonchain reported on 4 March via X (formerly Twitter).

Lazarus Group Suspected as the Culprit

Multiple blockchain analytics firms, including Arkham Intelligence, have identified North Korea’s notorious Lazarus Group as the primary suspect behind the attack. The group has been linked to several high-profile cryptocurrency heists, with stolen proceeds allegedly being used to fund North Korea’s nuclear weapons programme.

The attack comes just months after South Korean authorities sanctioned 15 North Koreans for generating illicit funds through cyber theft and cryptocurrency fraud.

Hope for Partial Fund Recovery

Despite the sophisticated laundering techniques employed, blockchain security experts believe that a fraction of the stolen funds may still be recovered.

Deddy Lavid, co-founder and CEO of blockchain security firm Cyvers, explained that while asset swaps and mixers complicate tracking, there are still methods to trace and potentially freeze stolen funds.

“While laundering through mixers and cross-chain swaps complicates recovery, cybersecurity firms leveraging on-chain intelligence, AI-driven models, and collaboration with exchanges and regulators still have small opportunities to trace and potentially freeze assets,” Lavid said.

He also emphasised the importance of rapid response: “Once funds are deeply obfuscated, recovery becomes significantly harder. The main stolen fund prevention is mainly before or during the hack.”

Bybit CEO Confirms Partial Traceability

Bybit CEO Ben Zhou confirmed that approximately 77% of the stolen funds remain traceable. However, he acknowledged that over $280 million “has gone dark,” while 3% of the funds have been successfully frozen.

Despite the massive financial loss, Bybit has assured customers that withdrawals remain unaffected. The exchange fully replaced the stolen Ether within just three days of the attack, ensuring that user funds were not impacted.

New Security Measures to Combat Future Attacks

In response to the growing threat of crypto heists, security firms like Cyvers are developing preemptive solutions to mitigate future attacks.

Michael Pearl, Vice President of GTM Strategy at Cyvers, highlighted an emerging security measure known as off-chain transaction validation. This technology aims to prevent up to 99% of crypto hacks and scams by preemptively simulating and validating blockchain transactions before they are executed on-chain.

As cybercriminals continue to exploit vulnerabilities in the crypto space, exchanges and security firms are intensifying efforts to protect user assets and prevent future large-scale breaches.
