According to on-chain analyst Ember, the Bybit hacker has suspended the transfer and washing of ETH since 3 pm yesterday, so only 14,300 ETH (US$32.2 million) were washed away in the past 24 hours. There are still 218,000 ETH (US$486.6 million) in the hacker's address.

Bybit purchased another 36,893 ETH ($87.5 million) through OTC 3 hours ago. In addition, Bybit has purchased a total of 212,101 ETH ($574 million) through OTC in the past 3 days.

Chainflip officially announced that after discussions with the team, community, liquidity providers, major interfaces using Chainflip, and most validator providers, it decided to prevent the illegal flow of Bybit hacker funds within the protocol through a protocol upgrade.

According to Ember’s monitoring, the Bybit hacker has laundered 89,500 ETH (US$224 million) in the past two and a half days, which is 18% of the total amount of ETH he stole (499,000).

Bybit tweeted that the mETH Protocol team provided crucial assistance in the recent security incident. Through quick action and effective coordination, the mETH Protocol team successfully recovered 15,000 cmETH tokens, worth approximately $43 million.

Bybit CEO stated that Bybit has fully filled the ETH gap and a new audited POR (Proof of Reserves) report will be released soon.

According to Lookonchain monitoring, since the hack, Bybit has obtained about 446,870 ETH (US$1.23 billion) through loans, whale deposits and ETH purchases. Currently, Bybit is close to making up for the funding gap caused by the hack.

According to Lookonchain monitoring, Bybit has purchased 266,694 ETH ($742 million) after being suspected of being hacked.

According to on-chain analyst Yu Jin, the Bybit hacker has sold 50,700 ETH (US$142 million) in exchange for DAI and other on-chain assets (BTC, etc.), and currently holds 448,600 ETH (US$1.26 billion). In addition, an address suspected to belong to Bybit or its affiliates (0x2E4...b77) bought a total of 157,600 ETH (US$441 million) through three brokers, Galaxy Digital, FalconX, and Wintermute, in the past two days and then transferred them to Bybit.

According to the official announcement, Bybit has launched a new API to update the blacklist of suspicious wallet addresses found so far. The API will simplify and speed up the recovery of compromised funds. Bybit will continuously update this list to ensure that network defenders and security partners can effectively intercept fraudulent activities. Successful interceptions will receive a 10% reward to strengthen its commitment to the security of the entire industry.

Non-KYC centralized exchange eXch denied allegations that it laundered money on behalf of the Lazarus Group in a forum post. “To hold a contrary opinion is simply the opinion of some who wish the fungibility and on-chain privacy of decentralized currencies to go away… These people have long hated decentralized cryptocurrencies.”

Bybit tweeted that through the coordinated efforts of multiple parties, it successfully froze $42.89 million of stolen funds in one day. The institutions that provided assistance included Tether, THORChain, ChangeNOW, FixedFloat, Avalanche Ecosystem, CoinEx, Bitget, Circle, etc.

Bybit CEO Ben Zhou tweeted, “At this moment, it’s not about Bybit or any entity, but our general attitude towards hackers as an industry. I sincerely hope that eXch can reconsider and help us stop the outflow of funds. We have also received help from Interpool and international regulators. Helping to stop these funds is not just helping Bybit.” Previously, eXch publicly released Bybit’s interception request email and refused to respond.

Yu Xian, the founder of SlowMist, tweeted that given that a large amount of ETH has been washed out through eXch and exchanged for BTC XMR, etc., all platforms should increase their risk control levels for funds coming from eXch.

After Bybit was hacked, some people asked why Ethereum could not "roll back" the blockchain to reverse the hacker attack. In response, Ethereum core developer timbeiko.eth published an article to explain that while Bitcoin was able to "roll back" its blockchain 15 years ago, today, the interconnected nature of Ethereum and the settlement of on-chain <> off-chain economic transactions make this problem difficult today.

Bybit CEO Ben Zhou was asked in Spaces on February 22 whether he supports rolling back the Ethereum blockchain to the state before the Lazarus Group hack on February 21. He responded: “I’m not sure if this is a decision made by one person. Based on the spirit of blockchain, maybe this should be a voting process to see what the community wants, but I’m not sure.”

On the evening of February 21, 2025 (Beijing time), Bybit exchange was attacked by APT, forging "blind signatures" to break through the multi-signature mechanism, resulting in the theft of nearly $1.5 billion in assets from cold wallets. As of 8 a.m. on the 22nd (Beijing time), the stolen assets were distributed in 51 addresses.

Chainflip, a cross-chain bridge, responded to the request of Bybit CEO on the X platform. It said: We have tried our best to deal with it, but as a decentralized protocol, we cannot completely block, freeze or redirect any funds. However, some front-end services have been closed to prevent the flow of funds.