Half a Billion Vanishes: Bybit Heist Funds Go Dark

$644 Million in Stolen Crypto Disappears

Three months after the jaw-dropping $1.4 billion crypto heist at Bybit, blockchain sleuths are freaking out—nearly half that fortune, $644 million, has vanished into the digital abyss! That's right, folks, while $693 million (49.5%) is still on our radar, and $63 million (4.5%) has been frozen by exchanges and the law, the rest? Poof! Gone like a ghost in the night.

Laundering Like Pros: Mixers at Work

These crafty thieves didn't just steal; they laundered like pros, funneling the loot through mixing services with the finesse of seasoned criminals. The biggest chunk, $247.5 million (around 966 BTC), got washed through Wasabi Wallet. And guess what? Another $94.1 million was scrubbed clean via eXch, a mixer that claimed to be out of business but is still sneaking around. Even smaller amounts, $2.5 million in ETH via Tornado Cash and $1.7 million in ETH through Railgun, joined the laundering party.

eXch: The Zombie Mixer That Won't Die

Hold onto your hats—eXch is still kicking despite saying it shut down in April! These guys are operating through sneaky back-end APIs, making the cash trail as murky as a swamp. TRM Labs spilled the beans, saying, "All received and sent transactions are mixed together and there's no way to figure out how many people are behind certain addresses. Traceability? Forget about it!"

North Korean Hackers: The Masterminds Behind the Heist

And who's pulling these strings? None other than the notorious North Korean hacking crew, TraderTraitor. These cyber crooks hacked into a Safe{Wallet} developer's laptop using a fake "stock investment simulator" Docker project on a Mac. Once inside, they snatched AWS session tokens and danced past multi-factor authentication like it was nothing, straight into Bybit's vault.

The Sneaky Malware that Started it All

This wild ride kicked off in early February when the unsuspecting developer downloaded that dodgy Docker project. It wasn't long before the malware started chatting with a shady domain, setting the stage for the biggest crypto heist we've seen in ages.