Three months after one of the largest crypto thefts on record, blockchain data shows that almost half of the $1.4 billion stolen from Bybit has gone dark.
Data from cryptocurrency exchange Bybit reveals $644 million in stolen funds — nearly half of the exchange’s massive $1.4 billion theft — has vanished from public tracking after being processed through mixing services. Approximately $693 million (or 49.5%) remains traceable, while exchanges and authorities have frozen $63 million (4.5%), the data shows.
The stolen funds were systematically laundered through several mixing services. The largest portion — $247.5 million (around 966 BTC) — was laundered through Wasabi Wallet, while another $94.1 million laundered via eXch, a mixing service that publicly claimed to shut down in April but remains operational. Smaller amounts moved through Tornado Cash ($2.5 million in ETH) and Railgun ($1.7 million in ETH).
Of particular concern is eXch’s continued activity despite its alleged closure. As crypto.news reported earlier, analysts at TRM Labs confirmed that the service still functions through back-end APIs. The mixer’s pooled transactions create near-total opacity as “all received and sent transactions are mixed together and there is no way to discover how many people are behind certain addresses and traceability is extremely difficult,” TRM Labs explained.
In a March article on X, analysts at crypto wallet interface platform Safe revealed that a North Korean hacking group known as TraderTraitor compromised a Safe{Wallet} developer’s laptop and used stolen AWS session tokens to bypass multi-factor authentication, gaining access to Bybit’s funds.
The breach occurred in early February, when a Docker project — posing as a “stock investment simulator” — was downloaded onto Safe developer’s Mac. The project communicated with a suspicious domain, leading to the malware’s installation.
