- Hackers laundered $16 million in Bitcoin through Wasabi mixer, then dispersed it across peer-to-peer networks to avoid traceability.
- A total of 440,091 ETH stolen in the Bybit hack was swapped for 12,836 BTC using cross-chain protocols like THORChain.
- Bybit has received over 5,000 bounty reports, with 63 valid leads and $2.2 million already awarded to successful contributors.
Hackers behind the $1.5 billion Bybit theft have begun laundering the stolen cryptocurrency through advanced tactics. Bybit CEO Ben Zhou confirmed that 193 BTC, valued at $16 million, moved through the Wasabi mixing service. This process concealed transaction trails and scattered the assets across peer-to-peer networks.
According to Zhou, 440,091 ETH from the stolen funds, valued at $1.23 billion, was converted into 12,836 BTC. The conversion relied on cross-chain protocols, particularly THORChain. This technique allowed hackers to bypass centralized exchanges while moving assets between Ethereum and Bitcoin networks.
Funds Distributed Across Thousands of Wallets
Once converted, the Bitcoin was separated into 9,117 unique wallets. Each wallet contained an average of 1.41 BTC. This dispersion tactic, combined with non-custodial platforms, significantly complicates the tracking process for investigators.
Besides Wasabi, other mixers including CryptoMixer, Railgun, and Tornado Cash are being used. These tools break the connection between sender and receiver by merging multiple transactions. Consequently, tracking efforts have become more complex and resource-intensive.
Peer-to-Peer Vendors Add Further Complexity
After mixing, the laundered assets are sent through peer-to-peer networks. These platforms allow direct crypto trades without involving exchanges or third-party oversight. Hence, once funds enter P2P channels, tracing them becomes even harder for forensic teams.
Despite these laundering methods, 88.8% of the stolen assets remain under observation. Additionally, 3.5% of the total funds have been frozen in collaboration with exchanges and blockchain analytics partners. However, 7.6% has become untraceable due to effective laundering efforts.
To accelerate asset recovery, Bybit launched a bounty program. With a reward pool of $140 million, it promises 10% of recovered funds to successful trackers. Half of the reward is allocated to those who freeze the funds, and the other half goes to those who first identify them.
Data from Arkham Intelligence shows the North Korean Lazarus Group may be linked to the breach. Investigators report the group holds over 13,400 BTC, much of it tied to the Bybit incident. Monitoring continues in cooperation with cybersecurity experts and blockchain analytics firms.
