Nearly Half of $1.4B Stolen in Bybit Hack Now Untraceable, Laundered Through Crypto Mixers

Nearly three months after one of the largest crypto heists in history, blockchain analysis reveals that close to half of the $1.4 billion stolen from Bybit has effectively vanished. According to internal data and third-party analytics, $644 million in crypto funds has been funneled through advanced laundering tools, rendering it virtually untraceable.

The breach, which rocked the crypto world in February 2025, saw attackers siphon off vast amounts of digital assets from Bybit. Today, roughly $693 million (49.5%) of the stolen assets remain traceable, while only $63 million (4.5%) has been frozen by law enforcement and exchanges.

The stolen crypto was laundered through multiple mixing services—tools designed to obfuscate the origin and flow of digital assets. Leading the pack was Wasabi Wallet, which processed $247.5 million (approximately 966 BTC). Close behind was eXch, a lesser-known mixing service that laundered $94.1 million despite claiming to have shut down operations in April.

Investigators also found that smaller amounts were routed through Ethereum-based mixers: Tornado Cash ($2.5 million in ETH) and Railgun ($1.7 million in ETH).

Security experts are especially concerned about eXch’s activity. Despite public claims of closure, the service remains fully operational via backend APIs, according to blockchain intelligence firm TRM Labs. Their analysis shows that eXch pools and mixes transactions in a way that removes identifiable links between sender and recipient, creating near-total anonymity.

The attack has been linked to TraderTraitor, a North Korean state-sponsored hacking group. In a post on X (formerly Twitter), crypto wallet platform Safe revealed that one of its developers was the entry point for the exploit. The group reportedly tricked the developer into downloading a malicious Docker project disguised as a stock trading simulator. Once installed, the malware communicated with a suspicious domain, compromised the laptop, and stole AWS session tokens used to bypass multi-factor authentication.

With this access, the attackers infiltrated Bybit’s infrastructure and drained the funds.

The Bybit breach has become a textbook case of how even sophisticated crypto firms remain vulnerable to targeted, social engineering-based attacks. While some of the funds remain frozen, the majority are either traceable or already lost in mixers that provide little hope of recovery.

Law enforcement agencies and blockchain analysts continue to track what remains of the stolen assets, but with half the funds already “washed,” the likelihood of full recovery diminishes by the day.