Bybit’s CEO, Ben Zhou, revealed today, on April 21, that 27.95% of the $1.4 billion stolen by North Korea’s Lazarus Group in February has gone dark. The hack drained about 500,000 ETH from a cold wallet.
Zhou shared the figures in an executive summary on X(Twitter), explaining how much of the loot remains traceable, frozen, or lost in the blockchain maze.
Breakdown of the Stolen Funds
Zhou said 68.57% of the stolen assets are still visible on public ledgers. That equals roughly 342,975 ETH, converted into 10,003 BTC and spread across 35,772 wallets.
Another 3.84% of the funds have been frozen by law enforcement or compliance teams. The final 27.59% slipped into services that mask the trail, making those tokens effectively untraceable.
Mixers and Bridges Used
According to Zhou, the Lazarus Group first sent funds to mixers, led mainly by Wasabi. After washing a chunk of Bitcoin there, smaller amounts flowed into CryptoMixer, Tornado Cash and Railgun.
From these services, the funds crossed chains and swapped through platforms like Thorchain, eXch, Lombard, LiFi, Stargate and SunSwap. Eventually, the laundered crypto reached peer‑to‑peer and over‑the‑counter fiat exchanges.
Also Read: Bybit Hackers Complete Laundering $1.39B ETH Via Thorchain, Thorchain Profits $5.5M
Ether Movements
Of the roughly 500,000 ETH taken, 432,748 ETH (about $1.21 billion) moved from Ethereum into Bitcoin via Thorchain. Only 5,991 ETH, valued at around $16.8 million, still sits on the Ethereum network in some 12,490 wallets. That small portion is easier to track, but still part of the larger stolen sum.
Once swapped, 944 BTC (around $90.6 million) went into the Wasabi Mixer. Another 531 BTC, which is equivalent to 18,206 ETH, travelled back to Ethereum across Thorchain. From there, the mixed coins ultimately filtered into private fiat exchanges.
Bounty Efforts
Zhou pointed to lazarusbounty.com, where over the past two months, the community filed 5,443 bounty reports. Only 70 tipped into valid leads, he noted, and urged more code‑breakers to join.
“We need more bounty hunters who can decode mixers,” he said, stressing that unravelling these services is critical for tracking future flows.
North Korea’s Growing Bitcoin Stockpile
Beyond the Bybit exploit, North Korea has amassed a hefty Bitcoin reserve. Data from Arkham Intelligence shows the Lazarus Group controls at least 13,518 BTC, making it one of the largest nation‑state holders of the cryptocurrency, outranking small countries like Bhutan and even El Salvador.
The Bybit disclosure highlights how sophisticated cyber‑heists can be, and how easily funds vanish into the blockchain’s underworld. As trackers freeze some assets and trace others, a sizable share remains beyond reach.
The call for more bounty hunters underlines the challenge ahead: untangling an ever‑more complex web of mixers, bridges and private exchanges to recover stolen wealth.