Bybit theft incident tracking

On the evening of February 21, 2025, Bybit suffered a hacker attack, with over $1.4 billion worth of cryptocurrency assets stolen. How will the incident unfold, and what subsequent impacts will it bring?

03-26

22:13 Tether: T3 FCU has frozen $9 million in funds related to the Bybit hack

ChainCatcher news, according to official sources, T3 FCU (T3 Financial Crime Unit) announced today that it has frozen $9 million in funds related to the Bybit hacker. Tether CEO Paolo Ardoino stated that Tether is committed to stopping the actions of criminals. By closely collaborating with T3 FCU, as well as other partners and global law enforcement agencies, it will ensure that stablecoin technology is not only transformative but also secure, transparent, and difficult to exploit.

03-06

23:22 Safe: The North Korean hacker group TraderTraitor is behind the Bybit theft incident

ChainCatcher news, Safe announced that its joint security investigation with Mandiant (now part of Google Cloud) has made significant progress and confirmed that the theft incident on Bybit on February 21 was perpetrated by the North Korean hacker group TraderTraitor, which has previously targeted the crypto industry multiple times. The attackers compromised the laptop of a Safe{Wallet} developer and hijacked an AWS session token to bypass multi-factor authentication controls. This developer is one of the few with higher privileges needed to perform their duties. Safe calls on the Web3 ecosystem to collectively address increasingly complex security threats and to improve transaction verification tools to strengthen user security. The official team has released a detailed transaction verification guide and plans to further optimize the user experience to reduce potential risks.

03-05

19:32 Bybit submits a proposal asking the ParaSwap DAO to return the fees earned from the hacker's trades

ChainCatcher news, according to Cointelegraph, the cryptocurrency exchange Bybit has confirmed that it has initiated a proposal requesting the decentralized finance (DeFi) protocol ParaSwap to return the transaction fees generated from trading with digital assets stolen from the exchange by the Lazarus hacker group. On March 4, a proposal was published on the ParaSwap decentralized autonomous organization (DAO) forum, requesting the freezing and return of 44.67 wETH worth nearly $100,000. The proposal initially raised skepticism, with several DAO members demanding verification of its origin. Bybit posted a verification message on its official X account on March 5, confirming that the proposal was initiated by them.

This proposal for fund return sparked intense discussions among DAO members. DeFi researcher and ParaSwap DAO representative Ignas pointed out that profiting from a hacker attack gives a "bad image" to the DAO, and returning the funds would demonstrate support for industry peers. He added that retaining these funds could attract regulatory scrutiny and legal troubles. However, he also warned that refunds would set a dangerous precedent for DeFi: "Code is law. The DAO legally earned the fees through smart contracts. If we return the funds now, what happens in similar situations in the future? This would set a dangerous precedent."

Opinions among ParaSwap DAO members are divided, with some supporting conditional refunds of the fees, while others voted against the refund. DAO member SEED Gov proposed three possible courses of action: full refund, rejection of the request, or negotiating a structured refund that includes retaining 10% as a bounty, consistent with Bybit's existing bug bounty program.

03-04

13:49 Bybit CEO: 77% of the funds stolen by hackers are still traceable, 20% are no longer traceable, and 3% have been frozen

According to ChainCatcher's message, Bybit CEO Ben Zhou disclosed that the total amount of funds stolen by hackers is $1.4 billion (approximately 500,000 ETH), of which 77% is still traceable, 20% is untraceable, and 3% has been frozen. Specific analysis shows that 83% (417,348 ETH, approximately $1 billion) has been converted to Bitcoin, distributed across 6,954 wallets. The hackers primarily converted ETH to BTC through THORChain, accounting for about 72% (361,255 ETH). Additionally, 16% of the funds (79,655 ETH) were lost through the ExCH platform, and 8% of the funds (40,233 ETH) were transferred via OKX Web3 proxy, of which about 5% is untraceable. Currently, 11 parties have assisted in freezing the funds, with Mantle, ParaSwap, and ZachXBT contributing the most, collectively paying out a bounty of 2.179 million USDT.

11:46 SlowMist's Cosine: Most of the nearly $1.5 billion in ETH assets stolen from Bybit has flowed into the Bitcoin network

ChainCatcher message, SlowMist's Yu Xian stated, "Bybit was hacked for nearly $1.5 billion in ETH assets; apart from some being recovered, the rest has left Ethereum, with the vast majority entering the Bitcoin network, where complex coin laundering operations are taking place, and THORChain node operators have profited significantly."

09:10 The 499,000 ETH stolen from Bybit has been completely laundered, taking a total of 10 days

ChainCatcher news, according to on-chain analyst Yu Jin (@EmberCN), hackers have completely laundered 499,000 ETH (approximately $1.39 billion) stolen from Bybit, with the entire process taking 10 days. During this period, the price of ETH dropped by 23%, from $2,780 to $2,130. The hackers primarily used THORChain for laundering operations, which consequently generated $5.9 billion in trading volume and $5.5 million in fee revenue.

03-03

09:30 Data: Bybit hacker laundered 96,500 ETH in the past 24 hours, leaving 60,000 ETH remaining

ChainCatcher news, according to on-chain analyst Yu Jin's monitoring, the 499,000 ETH stolen by the Bybit hacker is about to be fully cleared out (today or tomorrow): there are now only 60,000 ETH (approximately 148 million USD) left in the address waiting to be laundered. In the past 24 hours, the Bybit hacker has laundered 96,500 ETH.

03-02

19:54 Tether and Circle have frozen at least 5 addresses related to the Bybit hack, intercepting $760,000 in funds

ChainCatcher news, according to Bitrace monitoring, as of today, Tether and Circle have frozen at least 5 Ethereum and Tron addresses related to the Bybit hacker, successfully intercepting over 760,000 USDT and USDC.

10:32 Safe: The preliminary forensic investigation and security audit report related to the Bybit hack will be released next week

ChainCatcher message, Safe states that the Safe{Wallet} team has been working with Mandiant over the past few days to conduct a comprehensive forensic investigation and security audit regarding the Bybit hacking incident. Safe emphasizes that its team is committed to transparency. Mandiant's preliminary report results will be published next week.

09:23 Bybit hacker has only 156,000 ETH left to launder, and the remaining funds may be cleared within 3 days

According to ChainCatcher's message, on-chain analyst Yu Jin has monitored that since 3 PM yesterday, the Bybit hacker has resumed money laundering activities, having laundered 62,200 ETH (approximately 138 million USD). Currently, of the 499,000 ETH stolen from Bybit, only 156,000 ETH (approximately 346 million USD) remains unprocessed. At the current rate of money laundering, it is expected that the remaining stolen funds will be completely cleared within three days.
