How the Bybit Hacker Laundered Ethereum Worth $614 Million Using THORChain
The Bybit hacker launders Ethereum at an unprecedented rate, converting over 50% of the $1.4 billion stolen funds in less than a week. Using THORChain, the hacker swapped Ethereum for Bitcoin, moving 266,309 ETH—approximately $614 million—in just five days. This pace, averaging 48,420 ETH per day, suggests that the remaining 233,086 ETH could be fully laundered within another five days if the trend continues.
According to blockchain analytics firm Spot On Chain, the massive movement of stolen Ethereum has triggered a record-breaking surge in THORChain transactions. In just five days, the total transaction volume hit $2.91 billion, with THORChain earning $3 million in fees from the increased usage. On February 26 alone, THORChain saw $859.61 million in swaps, followed by an additional $210 million on February 27, pushing the two-day total past $1 billion.
The FBI has officially linked the Bybit hack to North Korean state-sponsored hackers, labeling it as part of the “TraderTraitor” series of cyberattacks. This attribution follows extensive forensic investigations by Sygnia Labs and Verichain, which confirmed that Bybit’s security infrastructure remained intact despite the breach.
Read More : Pump.fun Hack: Understanding the Risks and Implications of Memecoin Scams
The investigation revealed that the vulnerability was due to a compromised Safe Wallet developer machine. Attackers exploited this flaw by inserting malicious JavaScript code into the Gnosis Safe UI, specifically targeting Bybit’s cold wallet. While Safe has confirmed that its smart contracts are secure, this incident highlights an emerging trend: hackers are increasingly targeting infrastructure providers rather than the exchanges themselves.
Bybit is actively tracking the laundered funds and has launched a dedicated website to monitor the movement of stolen Ethereum. The exchange is also offering a bounty to platforms that assist in recovering the stolen assets. This case underscores the growing sophistication of crypto hacks and the challenges of securing digital assets against state-sponsored cyberattacks.
The Bybit hacker‘s strategy of using THORChain for laundering stolen funds reflects a shift towards decentralized platforms that offer anonymity and liquidity. As cryptocurrency heists become more complex, exchanges and blockchain security firms must adopt advanced monitoring tools and collaborate to combat the evolving threat landscape.
This incident serves as a wake-up call for the crypto industry, highlighting the need for stronger security protocols and enhanced threat detection mechanisms. As the Bybit hacker launders Ethereum at a staggering pace, the crypto community must stay vigilant and proactive in safeguarding digital assets.
