Meet the Top 101 in Crypto
News
3 min read

Crypto Payment Firms and OTC Desks Brace for Fallout as Stolen Bybit Funds Move Through the Market

Published 24 February 2025
Prashant Jha
Authors
Edited by Insha Zia

Key Takeaways

  • Crypto payment firms and OTC desks are ready to freeze stolen Bybit funds.
  • Various entities froze a total of $42.5 million.
  • Centralized and decentralized platforms are laundering the $1.5 billion fund.

Crypto payment firms and over-the-counter (OTC) desks are bracing for a sweeping freeze of stolen Bybit funds as the fallout from the $1.5 billion hack continues.

The stolen Ethereum (ETH) is being moved through various exchanges and tokens, raising concerns that some of these funds may inadvertently land in unsuspecting traders’ accounts.

Blockchain security firm Bitrace has warned that a crackdown is underway, which could result in large-scale account freezes and asset lockdowns.

Stolen Bybit Funds Frozen

Several platforms have already acted to contain the spread of stolen assets. Bybit reported that a total of $42.5 million had been frozen by various entities, including:

  • Tether: Flagged and froze 181,000 USDT.
  • THORChain: Blocked the hacker’s addresses.
  • ChangeNOW: Froze 34 ETH.
  • FixedFloat: Froze 120,000 USDC and USDT.
  • Avalanche: Froze 0.38755 BTC.
  • Coinexcom: Blocked the hacker’s addresses and provided key insights.
  • Bitget: Blocked blacklisted addresses and froze 84 USDT.
  • Circle: Assisted in tracing and provided critical data.

As hackers attempt to cash out through centralized exchanges, an increasing number of user accounts—both knowingly and unknowingly—are receiving stolen funds.

To curb the movement, stablecoin issuers and exchanges have begun freezing the business addresses of OTC merchants and payment institutions linked to illicit transactions.

Hackers Convert Stolen ETH Across Multiple Assets

The Bybit hackers believed to be the North Korean Lazarus Group, have begun shifting the stolen ETH into a variety of other cryptocurrencies, making it harder to track.

On-chain data from Lookonchain shows that the attacker first moved 10,000 ETH (worth $27 million) to one of several associated wallets before laundering the funds.

An additional $7 million was later transferred, with evidence linking the Bybit hack to a previous attack on Phemex.

On Feb. 23, the hacker funneled 5,000 ETH through eXch, a centralized mixing service, before converting the funds to Bitcoin via Chainflip.

Bybit requested that eXch block the transactions and assist in tracking the movement, but eXch made the request public and declined to cooperate.

A large share of the stolen funds has since been converted into Bitcoin (BTC), Dogecoin (DOGE), and Solana (SOL), with some assets routed through memecoins.

In a further attempt to obfuscate the trail, an entity laundering approximately $1.08 million from the Bybit hack launched Pump.fun memecoins.

The funds were initially bridged from USDC on Solana to BSC, split across over 30 addresses, and then consolidated and moved to multiple exchanges.

However, the platform has since responded by blocking the memecoins associated with the hackers.

Prashant Jha

Prashant Jha is a seasoned crypto journalist based in Delhi, India, with a Bachelor’s Degree in Computer Science Engineering. Passionate about the evolving world of blockchain and cryptocurrencies, he has been a dedicated voice in the industry since 2018. Prashant’s expertise lies in regulatory reporting, where he unravels complex legal and financial developments with clarity and precision. Before joining CCN in 2024, he honed his craft at Cointelegraph, establishing himself as a trusted name in crypto journalism.

His coverage spans major industry events, including the high-profile collapses of FTX, Three Arrows Capital (3AC), and LUNA, offering readers insightful analyses of their regulatory and market implications. Prashant’s technical background enables him to bridge the gap between intricate blockchain technology and its real-world applications, making his work accessible to novices and experts.

Beyond his professional pursuits, Prashant is an avid music enthusiast, often exploring diverse genres to unwind. A sports lover, he has a particular passion for cricket and frequently engages in discussions about the game. His multifaceted interests and sharp journalistic instincts make him a valuable contributor to CCN, where he continues shaping the crypto landscape's narrative.

Related

Survey Icon
Help us improve
1 of 4
Is this your first time here?
What brought you here today?
What are you most interested in?
Would you be interested in:
Thank you icon
Thank you for your feedback!
DMCA.com Protection Status