Bybit Hackers Have Managed to Cash Out Approximately $300M of the Stolen $1.4B in Digital Assets, Despite Industry Efforts to Prevent Them

Reports suggest cybercriminals behind the Bybit hack have cashed out approximately $300 million of the $1.4 billion in digital assets they stole.

The hackers behind the Bybit hack have managed to cash out approximately $300 million of the $1.4 billion in digital assets they stole, despite industry efforts to prevent them. The hack, which is thought to be the biggest in crypto history, has sparked debate about how Web3 firms can prevent similar attacks in the future.

According to crypto investigator Tom Robinson, co-founder of Elliptic, the hackers, who are largely focused on evading security experts who are trying to block the stolen funds, have managed to siphon off 20% of the funds, which has now “gone dark.”

Reporting that his team can now see the hackers’ activity, which suggests they are working nearly 24 hours a day, Robinson added that “every minute matters for the hackers, who are trying to confuse the money trail, and they are extremely sophisticated in what they’re doing.”

As previously reported by Bitcoin.com News, the North Korea-backed Lazarus Group, which is thought to be behind the Bybit hack, successfully used an industry bug to swap some of the stolen ether (ETH) for more than 6,000 bitcoin (BTC).

The conversion to BTC, which is an autonomous cryptocurrency that renders it nearly impossible for Bybit to recover, is part of a wider effort by the hackers to liquidate the stolen cryptocurrency holdings.

However, North Korea’s alleged prowess in hacking and laundering, combined with the fact that the task was made more challenging by the carelessness of crypto firms, has made it difficult for security experts, who have identified $40 million of the stolen funds, to make significant progress.

What Web3 Firms Can Do to Prevent Hacks

The scale of the Bybit hack, as well as the apparent ability of the hackers to evade and outpace industry efforts to stymie them, has sparked debate about what steps Web3 firms should take to prevent similar attacks in the future.

Some, like Konstantin Stanislavsky, founder of crypto recovery firm TRM, believe the transparency and industry cooperation seen after the hack are the best ways to counter hackers.

“The crypto industry has come together in an unprecedented way to track the stolen funds and support the victims of this devastating hack,” said Stanislavsky.

However, critics assert that the fact the hackers, who are known to keep stolen funds for years before liquidating them, have already managed to cash out a third of the stolen funds in a short period of time undermines this argument.

Instead, others, like Nanak Nihal Khalsa, co-founder of Web3 identity firm Holonym, believe a technology like zero-knowledge proofs (ZKPs) could have prevented an attack that was attributed to blind signing vulnerabilities on Ledger hardware wallet devices.

Although it’s said to be the bedrock of many privacy-preserving protocols, Khalsa and others believe blind signing may be on borrowed time, and steps must be taken to get further ahead of criminals.

Pointing out how Holonym could have prevented the attack, Khalsa added that their Human Wallet has a feature that prevents blind signing by showing a human-readable transaction on a hardware wallet instead of the usual undecipherable data.

“This allows the user to make an informed decision about whether or not to approve the transaction. In the case of the Ledger hardware wallet, the hackers were able to blind sign a large transaction that went undetected. However, with Holonym’s Human Wallet, the user would have seen the transaction in plain English and would have been able to cancel it if they had chosen.”

Further stating that current solutions overpromise safety but underdeliver, Khalsa said ZKP solutions like Holonym’s can serve as the much-needed “shield” that keeps signers informed without jeopardizing speed or security.

While there is no broad consensus on how the industry moves on from what has been described as the biggest hack ever, ZKP proponents like Khalsa believe this technology can play a part in rebuilding trust in the industry.