Bybit CEO Says $1.2B in Lazarus-Hacked Crypto Still Traceable as Bounty Hunt Intensifies

Bybit CEO Says $1.2B in Lazarus-Hacked Crypto Still Traceable as Bounty Hunt Intensifies

Ben Zhou reveals progress in tracking North Korea-linked cyberattack, urges crypto bounty hunters to crack laundering mixers

Lazarus Hack Still Under the Microscope: Most Stolen Crypto Can Be Traced

Nearly 70% of the crypto assets stolen in February’s historic $1.4 billion Bybit hack remain traceable, according to Bybit co-founder and CEO Ben Zhou. In an April 21 update posted on X, Zhou shared fresh details on the trail of the loot siphoned by the notorious North Korean Lazarus Group.

“Of the total hacked funds, 68.6% remains traceable,” Zhou wrote, while 27.6% has “gone dark” through complex laundering methods. Just 3.8% has been successfully frozen so far.

The stolen funds were funneled through crypto mixers, bridges, and peer-to-peer platforms, a method Zhou said is designed to confuse blockchain tracing efforts.

Wasabi Mixer and Crosschain Laundering Tools Take Center Stage

Zhou singled out Wasabi as the primary mixer used by Lazarus. After the initial wash, smaller amounts flowed into CryptoMixer, Tornado Cash, and Railgun — all previously flagged for enabling anonymized crypto transfers.

One alarming detail:

944 BTC, worth approximately $90 million, passed through Wasabi alone.

From there, the funds moved through crosschain and swap services such as THORChain, eXch, Lombard, LI.FI, Stargate, and SunSwap, before being dispersed across peer-to-peer (P2P) and over-the-counter (OTC) services.

ETH-to-BTC Conversion Adds Another Layer of Obfuscation

According to Zhou, the hackers also moved 432,748 Ether (ETH) — roughly 84% of the stolen ETH, valued at $1.21 billion — from Ethereum to Bitcoin via THORChain.

Approximately $960 million of ETH was converted into 10,003 BTC and distributed across a staggering 35,772 wallets.

Still, Zhou noted, around $17 million in ETH remains unlaundered, spread across 12,490 Ethereum wallets.

Bounty Program Seeks to Crack the Code — $2.3M Already Paid

In a bid to claw back stolen assets, Bybit launched the “Lazarus Bounty” program in February, offering $140 million in total rewards for information that leads to fund freezes.

So far, just 70 out of 5,443 bounty reports submitted in the last 60 days were valid. Bybit has paid out $2.3 million, with the Mantle Layer-2 platform receiving the bulk after helping freeze $42 million worth of assets.

“We need more bounty hunters that can decode mixers,” Zhou urged, emphasizing that help is desperately needed in tracking complex laundering techniques.

Fallout Spreads: eXch Exchange to Shut Down

The ripple effects of the hack continue. On April 17, eXch crypto exchange announced it would cease operations by May 1, following allegations it was used to launder funds stolen from Bybit.

The exchange’s shutdown underscores how deeply the Lazarus Group’s activities have shaken the DeFi ecosystem, prompting both urgent cybersecurity upgrades and international attention.