Three months after suffering one of the largest crypto heists in history, blockchain analysis reveals that nearly half of the $1.4 billion stolen from Bybit has disappeared from public view after being processed through advanced crypto-mixing tools.
According to updated internal data from Bybit, $644 million of the stolen funds — about 46% — has been successfully laundered and is no longer traceable. Meanwhile, $693 million (49.5%) remains visible on-chain, and approximately $63 million (4.5%) has been frozen by exchanges and authorities.
Mixing Services Obscure the Trail
The laundering operation relied heavily on well-known and controversial privacy services. The breakdown of the laundering routes includes:
- $247.5 million (~966 BTC) via Wasabi Wallet, a privacy-focused Bitcoin mixer using CoinJoin
- $94.1 million routed through eXch, a mixer that falsely claimed to shut down in April 2025 but continues to operate via backend APIs
- $2.5 million (ETH) moved through Tornado Cash
- $1.7 million (ETH) laundered using Railgun
The activity on eXch has raised alarms among analysts. Despite announcing its closure, TRM Labs confirmed that the service still quietly functions in the background. Its system creates near-complete obfuscation, pooling users’ transactions into large anonymous batches, leaving “no way to discover how many people are behind certain addresses,” the firm said.
North Korean Hacking Group Behind the Breach
As previously reported, the February 2025 Bybit hack was linked to the North Korean cybercrime syndicate TraderTraitor, which compromised a developer working for the crypto wallet interface Safe{Wallet}.
The attack exploited a fake Docker-based stock investment simulator, which tricked the developer into installing malware on a Mac device. The malware allowed the attackers to steal AWS session tokens, bypassing multi-factor authentication and ultimately draining Bybit’s wallets.
Industry Fallout and Ongoing Investigation
This hack not only remains the largest exchange attack since Mt. Gox, but also showcases the increasing sophistication of state-backed threat actors and decentralized laundering techniques.
Bybit, which has been steadily recovering from the breach, is now partnering with blockchain intelligence firms and international law enforcement to recover frozen assets and trace the remaining 49.5% still visible on-chain.
“This wasn’t just a theft — it was a state-grade, coordinated assault using social engineering, zero-day exploits, and laundering infrastructure operating in plain sight,” said a forensic investigator involved in the case.
Stay with TheCoinInfo for exclusive updates on the Bybit hack, global cybercrime trends, and evolving threats to crypto security.
