http://www.expatriates.com/classifieds/switzerland/air-conditioners/index.xml http://www.expatriates.com/cls/63477911.html On February 21, 2025, the cryptocurrency world was rocked by what is now recognized as the largest digital heist in history. Bybit, a Dubai-based centralized cryptocurrency exchange and one of the world's leading trading platforms, suffered a devastating security breach that resulted in the theft of approximately $1.5 billion worth of Ethereum and related tokens from its cold wallet. The attack, which security researchers have attributed to North Korea's infamous Lazarus Group, has sent shockwaves through the industry and raised urgent questions about asset security, forensic tracing, and the viability of recovery.

What Happened During the Bybit Hack

The hack unfolded during what appeared to be a routine multi-signature transaction facilitated through Safe{Wallet}, a popular self-custodial wallet platform used by hundreds of protocols and exchanges to increase security through multiple signer approvals. According to forensic reports released by Bybit in collaboration with Sygnia and Verichains, the attack was anything but routine. The hacker deployed a malicious contract targeting Bybit's Ethereum multi-signature cold wallet on February 19, disguising it as normal business logic code. The contract paved the way for subsequent fund transfers by modifying the storage slot parameters of the smart contract.

What followed was a masterclass in social engineering and technical sophistication. The attacker used compromised machine permissions from a Safe{Wallet} developer to tamper with the multi-signature transaction data and induce authorized signers to approve a malicious transaction disguised as a legitimate transfer, effectively taking over control of the cold wallet. Bybit CEO Ben Zhou confirmed that the attacker gained control of one of Bybit's offline Ethereum wallets during what should have been a routine transfer from a cold wallet to a hot wallet.

The scale of the theft is staggering. The attackers drained 401,347 ETH worth approximately $1.12 billion, 90,376 stETH worth $253.16 million, 15,000 cmETH worth $44.13 million, and 8,000 mETH worth $23 million—all consolidated into ETH using decentralized exchanges. In total, over 400,000 ETH and derivative tokens worth more than $1.5 billion were transferred to an unidentified address. Research firm Arkham Intelligence confirmed approximately $1.4 billion in outflows from the exchange, noting that funds had begun moving to new addresses where they were being sold.

The Attackers: North Korea's Lazarus Group

Within days of the breach, blockchain intelligence firms including TRM Labs and Chainalysis confirmed that North Korean hackers were responsible, linking the attack to previous state-sponsored crypto heists. On February 26, 2025, the FBI officially linked the heist to North Korea, aligning with a longstanding pattern of cyber operations orchestrated by Pyongyang that, according to TRM, has resulted in the theft of over USD 5 billion worth of cryptocurrency since 2017.

The Lazarus Group's involvement is particularly concerning due to their established laundering infrastructure and state backing. According to TRM's 2025 Crypto Crime Report, North Korea was responsible for about USD 800 million in stolen cryptocurrency in all of 2024, accounting for approximately 35% of all stolen funds that year, with North Korean attacks being nearly five times larger than those by other actors. The Bybit hack alone led to almost $160 million more stolen than all funds stolen by North Korea throughout 2024.

Immediate Aftermath: The Industry Responds

Within hours of the attack, Bybit's security team reportedly locked down the system, secured user funds, and coordinated with top cybersecurity firms. Major industry players including Antalpha Global, Bitget, Pionex, and MEXC stepped in to assist. Blockchain security firms blacklisted addresses linked to the exploit, preventing unauthorized fund transfers, and Chainalysis reportedly identified the hacker's wallet, allowing the broader community to track movements in real time.

Bybit moved quickly to reassure its user base. CEO Ben Zhou stated that Bybit holds $20 billion in client assets and pledged that any unrecovered funds would be covered through the company's treasury or a bridge loan from partners. By raising $3.2 billion through bridge loans, Bybit joined forces with exchanges such as Binance and Bitget to replenish reserves and ensure normal user withdrawals.

Additionally, Bybit launched a Recovery Bounty Program offering 10% of recovered funds as a reward to cybersecurity experts and blockchain analysts who assist in tracking and retrieving the stolen assets. With over $1.4 billion in compromised funds, the bounty could reach $140 million in rewards. As of 2026, the LazarusBounty program has granted over $2.2 million to 13 bounty hunters.

How the Stolen Funds Were Laundered

The laundering operation that followed the Bybit hack has been described by blockchain analysts as unprecedented in both scale and speed. Within 48 hours, at least USD 160 million had been funneled through illicit channels, with TRM estimating that the total surpassed USD 200 million by February 23. By February 26, over USD 400 million had been moved, indicating an unprecedented level of operational efficiency.

The attackers employed a sophisticated multi-stage laundering strategy. The stolen ETH was dispersed to approximately 48 addresses and exchanged for BTC and other assets through cross-chain bridges such as THORChain and Chainflip. THORChain processed 72% of the illicit funds, earning approximately $5.5 million in fees while reportedly refusing to intervene, sparking significant community backlash over DeFi governance and whether protocols should prevent money laundering or uphold full decentralization.

The laundering process included transfers through multiple intermediary wallets, conversion into different cryptocurrencies, and the use of decentralized exchanges and cross-chain bridges to obfuscate the trail. A notable portion of the stolen funds also remained idle across various addresses—a deliberate tactic often employed by North Korean hackers to outlast the heightened scrutiny that immediately follows high-profile breaches.

Can the Stolen Ethereum Be Recovered?

The question on everyone's mind is whether the $1.5 billion worth of stolen Ethereum can be recovered. The answer is nuanced: partial recovery is possible and has already occurred, but full recovery remains extremely challenging given the sophistication of the attackers and the laundering methods employed.

Current Status of Funds

As of March 2025, Bybit CEO Ben Zhou provided a detailed breakdown of the stolen funds: approximately 77% remain traceable on the blockchain, 20% have "gone dark" and are no longer traceable, and approximately 3% have been successfully frozen. This means that while a significant majority of the stolen assets can still be followed across the blockchain, only a fraction has been immobilized. On-chain data tracker Ember reported that the Bybit hack laundered all of the stolen funds—approximately 499,000 ETH.

Some funds were intercepted during the transfer process. The mETH Protocol official recovered 15,000 cmETH, and Tether froze 181,000 USDT involved in the case. However, with approximately 77% of the $1.4 bi]]>