In a stunning display of operational efficiency, hackers have successfully laundered over $1 billion in cryptocurrency stolen from Bybit, a major cryptocurrency exchange. The incident, which unfolded in late February 2025, has sent shockwaves through the crypto world and raised serious questions about security protocols at Bybit and the broader industry.
Why it matters: The speed and scale of the laundering operation highlight the sophistication of modern cryptocurrency theft and raise concerns about the ability of exchanges and law enforcement to recover stolen funds.
Technical Details: The heist initially targeted liquid-staked Ether (STETH), Mantle Staked ETH (mETH), and other ERC-20 tokens, with an estimated total value of $1.4 billion. The hackers, however, primarily focused on laundering the Ethereum (ETH) they obtained, which amounted to $1.04 billion. The key details of the operation are as follows:
- Amount laundered: $1.04 billion in ETH
- Timeframe: 10 days
- Primary laundering method: THORChain decentralized crosschain protocol
Laundering Process: The hackers employed a multi-pronged approach to obfuscate the origins of the stolen funds. They utilized multiple intermediary wallets, decentralized exchanges (DEXs), and cross-chain bridges to quickly move the funds across different blockchains and digital assets.
One of the key tools used in the laundering process was THORChain, a decentralized crosschain protocol. According to blockchain security firm Lookonchain, the hackers moved all 499,395 stolen Ether (ETH), valued at about $1.04 billion, mainly through THORChain.
The rapid pace of the laundering operation further complicated recovery efforts. Within 48 hours, at least $160 million had been funneled through illicit channels, and by February 26, over $400 million had been moved.
Despite the successful laundering, blockchain security experts remain hopeful that a small portion of these funds can still be frozen and recovered through blockchain tracing and other advanced techniques.
Currently, the status of the stolen funds is as follows:
- Traceable funds: Approximately 77%
- Funds “gone dark”: Over $280 million
- Funds frozen: 3%
Ongoing efforts: Cybersecurity firms are leveraging on-chain intelligence, AI-driven models, and collaboration with exchanges and regulators to trace and potentially freeze the assets. However, the complexity of the laundering process, involving mixers and cross-chain swaps, complicates recovery efforts.
This incident underscores the need for enhanced security measures and proactive risk management in the cryptocurrency industry.
Looking ahead, the Bybit hack and its aftermath are likely to spur further discussions and initiatives to improve security and regulation in the cryptocurrency space.
