Bybit CEO Ben Zhou said 83% of stolen funds were converted to Bitcoin and spread across 7,000 wallets, with 20% untraceable and 3% frozen.
The hacker behind the $1.39 billion Bybit exploit is said to have successfully laundered all the 499,000 ETH in just ten days.
Despite blockchain analytics firms, law enforcement agencies, and crypto exchanges closely monitoring the movement of the stolen funds, the attacker effectively leveraged decentralized finance (DeFi) protocols to clean them fully.
Laundering Details
On-chain analytics platform EmberCN started tracking the funds soon after they were stolen. On February 25, the firm revealed that the hacker had laundered more than 89,000 ETH, valued at about $224 million, in about 60 hours.
The attacker washed another 45,900 ETH worth some $113 million a day later, bringing the total amount laundered to 135,000 ETH. They repeated the process on February 27, swapping 71,000 ETH with a market value in the region of $170 million.
At that point, about four and a half days after the attack, the perpetrator had managed to convert 206,000 ETH into other crypto assets, averaging about 45,000 ETH daily. However, they still had another 292,000 coins left, worth a whopping $685 million, and worked relentlessly night and day to clean them.
According to EmberCN, by February 28, the bad actor had added another 59,800 ETH to their laundered loot, bringing it to 266,000 ETH, with 233,000 remaining. Interestingly, on March 1, a Saturday, the exploiter took a break from cleaning the stolen funds, managing to clear only a relatively modest 14,300 ETH valued at $32.2 million.
They resumed activities the next day, converting 62,200 ETH, and by the morning of March 4, EmberCN reported that the attacker had laundered all the remaining funds.
Bybit’s Take
Bybit CEO Ben Zhou has offered a slightly different take from the analytics firm’s. In an X post on Tuesday, he provided an executive summary of the attack, stating that about 83% of the stolen funds, worth approximately $1 billion, have been converted into Bitcoin (BTC) and spread across nearly 7,000 wallets.
Of the total amount lost in the exploit, 20% cannot be traced, while 3% has been frozen. Zhou also claimed that a large chunk of the untraceable funds, about 79,655 ETH, was laundered through the eXch exchange.
The attacker, linked by the FBI to North Korea’s Lazarus Group, also processed another 40,233 ETH via OKX’s web3 wallet. Still, on-chain detectives have traced about 16,680 ETH, with the rest seemingly gone with the wind unless Bybit gets additional information from OKX.
According to Zhou, the primary platform the hackers used in the laundering process was THORChain. He estimates that more than 361,000 ETH, valued at over $900 million, has been swapped via the cross-chain liquidity protocol.