Key Takeaways
Crypto payment firms and over-the-counter (OTC) desks are bracing for a sweeping freeze of stolen Bybit funds as the fallout from the $1.5 billion hack continues.
The stolen Ethereum (ETH) is being moved through various exchanges and tokens, raising concerns that some of these funds may inadvertently land in unsuspecting traders’ accounts.
Blockchain security firm Bitrace has warned that a crackdown is underway, which could result in large-scale account freezes and asset lockdowns.
Several platforms have already acted to contain the spread of stolen assets. Bybit reported that a total of $42.5 million had been frozen by various entities, including:
As hackers attempt to cash out through centralized exchanges, an increasing number of user accounts—both knowingly and unknowingly—are receiving stolen funds.
To curb the movement, stablecoin issuers and exchanges have begun freezing the business addresses of OTC merchants and payment institutions linked to illicit transactions.
The Bybit hackers, believed to be the North Korean Lazarus Group, have begun shifting the stolen ETH into a variety of other cryptocurrencies, making it harder to track.
On-chain data from Lookonchain shows that the attacker first moved 10,000 ETH (worth $27 million) to one of several associated wallets before laundering the funds.
An additional $7 million was later transferred, with evidence linking the Bybit hack to a previous attack on Phemex.
On Feb. 23, the hacker funneled 5,000 ETH through eXch, a centralized mixing service, before converting the funds to Bitcoin via Chainflip.
Bybit requested that eXch block the transactions and assist in tracking the movement, but eXch made the request public and declined to cooperate.
A large share of the stolen funds has since been converted into Bitcoin (BTC), Dogecoin (DOGE), and Solana (SOL), with some assets routed through memecoins.
In a further attempt to obfuscate the trail, an entity laundering approximately $1.08 million from the Bybit hack launched Pump.fun memecoins.
The funds were initially bridged from USDC on Solana to BSC, split across over 30 addresses, and then consolidated and moved to multiple exchanges.
However, the platform has since responded by blocking the memecoins associated with the hackers.