The massive hack on crypto exchange Bybit last month shocked an already jittery market. But according to co-founder Ben Zhou, there’s still hope. Around 88% of the stolen funds — nearly $1.3 billion — remain traceable on the blockchain.
That’s a huge chunk. And it’s giving investigators room to act.
The attack, which targeted liquid-staked assets like stETH and Mantle’s mETH, stands as one of the largest-ever breaches in crypto’s brief but chaotic history. Now, a race is on — not just to catch those responsible but to reclaim as much of the lost money as possible.
The Lazarus Group’s Fingerprints Are All Over It
Ben Zhou didn’t mince words. He confirmed publicly that blockchain analytics teams are actively tracking the stolen assets and working to freeze them before they vanish completely.
That’s a tall order.
Several independent reports — including from Arkham Intelligence, a respected blockchain forensics firm — have linked the hack to North Korea’s Lazarus Group, an organisation known for its precision, patience, and political motives.
They’ve been behind some of the most high-profile digital heists of the past decade. Yet this time, their moves seem a bit off.
In fact, they’ve stumbled.
Hackers Struggle to Obscure Their Trail
The usual trick? Crypto mixers. Privacy protocols. Hop through DeFi like it’s a money-laundering obstacle course. But this time, not so effective.
The blockchain, it turns out, has a long memory.
- 88% of the stolen funds are still traceable
- Mixers failed to obscure significant chunks of the movement
- Real-time alerts helped freeze minor transactions on-chain
That’s a major reason why so many analysts think the hackers rushed. Sloppy execution can be rare for Lazarus, but when they go for volume, mistakes happen. And this hack was high-volume, high-risk.
Where the Money Went
A big part of the breach involved liquid-staked Ether — the kind that gets locked up in protocols like Lido for passive income. That matters because it makes movement harder. Liquid staking isn’t your average wallet-to-wallet transfer.
Here’s a rough breakdown of the digital assets hit:
| Asset Type | Estimated Share of Loss | Traceability Status |
|---|---|---|
| stETH | ~45% | Mostly traceable |
| mETH | ~25% | High traceability |
| USDT, USDC | ~15% | Freezing attempted |
| Other tokens | ~15% | Partially obfuscated |
That’s not just a loss in value. It’s a headache in logistics. Some of these funds sit in contract wrappers or cross-chain bridges, adding layers of complexity.
Crypto Industry Watches Nervously
The Bybit hack comes at a sensitive time for the crypto sector.
Markets have just started recovering from the long crypto winter. Institutional interest is climbing. And then — boom — $1.5 billion disappears overnight.
One trader called it “Mt. Gox, but with better PR.”
It’s not just the amount that worries people. It’s the optics.
Some key voices from the industry weighed in over the past few weeks. Binance CEO Richard Teng said the hack proves “we need stronger on-chain risk tools.” Meanwhile, Ethereum developer Tim Beiko said this is a “wake-up call for L2 security.”
They’re not wrong.
Investigators Are Gaining Ground
Interestingly, this may be the first time in years that investigators seem to have the upper hand — at least early on.
Blockchain sleuths, backed by exchanges and international agencies, have made quick progress. Several flagged wallets have already been tagged and listed publicly. Exchanges are watching closely to prevent off-ramping of stolen assets.
The most surprising part? The hackers haven’t moved the funds much.
“They’re boxed in,” one analyst told Bloomberg off-record. “Every time they try to swap something, someone’s watching.”
One wallet holding a chunk of stETH tried routing through a privacy protocol. It got flagged in minutes. Blocked. The funds are now frozen — inert but not recovered.
Users Still in Limbo
The real losers, for now, are Bybit users.
Despite reassurances from the company that users won’t bear the brunt, the lack of a formal reimbursement timeline has left many wondering. Some have already pulled their remaining assets off the platform.
A Telegram group of Bybit users affected by the hack has ballooned to over 12,000 members. And the mood? Let’s just say it’s not cheerful.
There’s chatter of legal action. There’s frustration about communication gaps. And there’s real concern about what comes next.
The Bigger Picture
This isn’t just a Bybit story.
Crypto hacks are surging again, after a brief lull in 2023. DeFi protocols, cross-chain bridges, and staking platforms remain prime targets. According to Chainalysis, over $3.8 billion was stolen in crypto hacks in 2022, with similar numbers expected for 2025 if this trend keeps up.
And Lazarus? Still out there. Still aggressive. Still likely backed by the North Korean regime, using stolen assets to fund government operations and bypass sanctions.
Crypto’s transparency is both its biggest strength and its glaring weakness.
In this case, transparency might be what saves Bybit — or at least helps it recover.
Bitcoin 
Ethereum 
BNB 
Solana 
Cardano 
Sui 
Chainlink 
Avalanche 
Polkadot 
Aptos 
Bittensor 
NEAR Protocol 
Internet Computer 
Mantle 
Kaspa 
Render 
Cosmos Hub 
Algorand 
Filecoin 
Celestia 
Arbitrum 
Jupiter 
Stacks 
Optimism 
Sei 
Quant 
Immutable 
Injective 
The Graph 
Flow 
Pyth Network 
dYdX 
MultiversX 
THORChain 
Beam 
Akash Network 
Illuvium 
Metis 
Manta Network 
Dymension 
Kujira