The hacker who pulled off the jaw-dropping $1.4 billion Bybit heist is moving fast—really fast. According to blockchain sleuths at Spot On Chain, they’ve already washed more than half of the stolen Ethereum, some 266,309 ETH worth about $614 million, in just five days since February 22.
That’s a blistering pace of 48,420 ETH a day, and if they keep it up, the remaining 233,086 ETH could be squeaky clean in another five days flat.
🚨 The #Bybit hacker has laundered over 50% of the stolen $ETH within a week post-hack.
In the past 5.5 days, 266,309 $ETH ($614M)—53.3% of the stolen 499K ETH—has been washed away, mostly via #THORChain for $BTC, at a rate of 48,420 $ETH per day.
At this pace, with 233,086… https://t.co/LkFsX6AeYg pic.twitter.com/vYQUcUBQes
— Spot On Chain (@spotonchain) February 28, 2025
They’re leaning hard on THORChain to swap that ETH for Bitcoin, and it’s turned the platform into a laundering hotspot. Crypto.news reported on February 27 that THORChain’s daily transaction volumes exploded from a chill $80 million to a wild $580 million average since the hack hit. In five days, it clocked $2.91 billion in total swaps, pocketing $3 million in fees. February 26 was the big one—$859.61 million in a single day—followed by another $210 million on the 27th, pushing the two-day tally past a billion bucks.
The feds are pointing fingers at North Korea. On February 26, the FBI slapped the “TraderTraitor” label on this caper, tying it to state-sponsored hackers out of Pyongyang. Meanwhile, the tech detectives at Sygnia Labs and Verichain dug into the mess and found Bybit’s own security wasn’t the weak link. Turns out, the bad guys slipped in through a compromised developer machine at Safe Wallet, sneaking malicious JavaScript into the Gnosis Safe interface to hijack Bybit’s cold wallet. Safe’s saying their smart contracts are still solid, but it’s a loud wake-up call—hackers are eyeing the back-end providers, not just the exchanges.
