Türkçe
Español
Ben Zhou, the CEO of the cryptocurrency exchange Bybit, made significant statements regarding a large-scale attack conducted in February by the North Korea-linked hacker group Lazarus. Zhou reported that a total of $1.4 billion was stolen, with approximately 28% of these funds being untraceable. He noted that the methods used in the attack were highly complex, and the technical tracking process is still ongoing. This incident has once again raised concerns about security vulnerabilities in the cryptocurrency market.
Stolen Funds Laundered Through Mixers
The attack resulted in the theft of over 500,000 ether (ETH). According to Bybit’s announcement, a significant portion of this ETH was directed to privacy-focused mixing platforms like Wasabi. By obscuring transactions, tracking the funds became nearly impossible. Following this process, the stolen ETH was transferred to peer-to-peer (P2P) and over-the-counter (OTC) platforms using bridge systems. These cross-chain transfers further complicated tracking efforts.
Data published by Bybit indicated that 68.57% of the stolen funds are traceable, while 27.59% remain completely dark. The remaining 3.84% has been frozen by authorities. Notably, the untraceable portion was initially processed through privacy mixers and subsequently distributed across multiple platforms. Reports suggest that Lazarus utilized platforms such as Thorchain, eXch, LiFi, Stargate, and SunSwap in this process.
More Than 432,000 ETH Converted to Bitcoin
According to Zhou, a large portion of the stolen ETH was converted to bitcoin to enhance liquidity. Investigative analyses revealed that a total of 432,748 ETH was converted to bitcoin, which was distributed across 35,772 different wallets. On average, approximately 0.28 BTC was transferred to each wallet, a distribution believed to be specifically planned to limit traceability.
Additionally, around 6,000 ETH, equivalent to approximately $16.77 million, remains on the Ethereum 
$2,182 blockchain. The company stated that this situation provides critical data for technical tracking. Furthermore, under the Lazarus Bounty initiative, 5,443 suspicious transaction notifications have been reported in the past two months, of which only 70 were deemed valid. Zhou clearly stated the need for more experts in this area.
Technological Tracking Continues, New Measures on the Way
In light of this incident, authorities emphasized the need for stricter regulations regarding the laundering of digital assets. Efforts have been initiated to develop technological monitoring systems, and specialized algorithms will be implemented for cross-chain transaction tracking. Bybit announced plans for significant updates to its security infrastructure to prevent similar attacks in the future.
This event has sparked new discussions regarding cold wallet security in the cryptocurrency market, the traceability of cross-chain transfers, and the auditability of decentralized platforms. Bybit indicated that it is working in cooperation with international law enforcement agencies and will maintain transparency throughout the process.
