
Bounty King: Investigation Series: Bybit Security Breach, $1.4 Billion Stolen Asset Analysis [Live Tracking Updated]

BountyKing


2025.02.22


Bounty King: Investigation Series follows a team of skilled investigators as they navigate the dark world of cybercrime, uncovering hidden digital trails and solving complex mysteries with the power of AI and blockchain technology. Each case takes them deeper into the realm of online fraud, crypto hacks, and digital heists, where bounties fuel the relentless pursuit of truth. With every investigation, they piece together the puzzle—tracing lost assets and exposing the individuals behind the screens. It’s a journey of persistence, intelligence, and teamwork, where every clue brings them one step closer to justice in an ever-evolving digital landscape.


Live tracking updated!


The stolen ETH is currently being laundered, and the activity is being monitored in real time through the Bybit Hack 2025 live dashboard.


Live Tracking Dashboard


Monitoring is free—anyone can sign in with a Google account to view the data.



1. Overview of the Incident

On February 21, 2025, Bybit, a leading cryptocurrency exchange, suffered a major security breach, resulting in the theft of approximately $1.4 billion in digital assets. The attackers compromised one of Bybit’s Ethereum cold wallets, which are typically offline and considered more secure than hot wallets.


Due to the urgency of the situation, our immediate priority is tracking the stolen funds. Below are the hacker’s main consolidated addresses.


The primary address, which distributed 401,347 ETH, is:

0x47666Fab8bd0Ac7003bce3f5C3585383F09486E2 (Referred to as Hacker 1)


The secondary address, which distributed 98,048.8948 ETH, is:

0xa4b2fd68593b6f34e51cb9edb66e71c1b4ab449e (Referred to as Hacker 2)


2. Breakdown of the Stolen Assets

The following amounts have been confirmed as stolen:

  • 401,347 ETH (~$1.12 billion)
  • 90,376 stETH (~$253.16 million)
  • 15,000 cmETH (~$44.13 million)
  • 8,000 mETH (~$23 million)


3. Transaction Analysis of Hacker

  • Address: 0x47666Fab8bd0Ac7003bce3f5C3585383F09486E2
  • Total distributed: 400,001 ETH
  • Transaction breakdown:
      • 40 transactions of 10,000 ETH each
      • 1 transaction of 1 ETH
      • Total of 41 transactions
  • Timeframe of initial movements:
      • Earliest transaction: 2025-02-21 14:29:47 (UTC)
      • Latest transaction: 2025-02-21 15:54:23 (UTC)
      • Total duration: approximately 1 hour and 30 minutes


Among these transactions, 1 ETH was transferred to Hacker 2.



For Hacker 2, a total of 98,048.75 ETH was first transferred to the address 0xdd90071d52f20e85c89802e5dc1ec0a7b6475f92. Following this, the funds were redistributed in 10,000 ETH increments through multiple transactions.

The transactions were concentrated within the timeframe of 16:04:23 to 16:05:11 (UTC).

It appears that the activity in Hacker 2's wallet began after the transactions from Hacker 1 were completed.
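The fan-out pattern described above (many equal-sized transfers leaving one address within a short window) can be summarized and flagged from a transfer list. The following is an added example, not part of the original investigation or its dashboard: recipient labels and per-transaction timestamps are constructed placeholders, and the thresholds are assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta

HACKER_1 = "0x47666Fab8bd0Ac7003bce3f5C3585383F09486E2"  # address from the article

def build_sample():
    """Constructed transfers. Only the counts, amounts and the first/last
    timestamps come from the article; recipients are placeholders and the
    spacing and position of the 1 ETH transfer are arbitrary."""
    start = datetime(2025, 2, 21, 14, 29, 47)
    end = datetime(2025, 2, 21, 15, 54, 23)
    step = (end - start) / 40
    txs = [{"src": HACKER_1, "dst": f"placeholder_dst_{i:02d}",
            "eth": 10_000, "ts": start + step * i} for i in range(40)]
    txs.append({"src": HACKER_1, "dst": "placeholder_hacker_2",
                "eth": 1, "ts": end})
    return txs

def fan_out_summary(txs, src, min_equal=10, max_window=timedelta(hours=2)):
    """Summarize outgoing transfers from `src` and flag uniform-chunk fan-out.
    min_equal and max_window are illustrative thresholds (assumptions)."""
    out = sorted((t for t in txs if t["src"].lower() == src.lower()),
                 key=lambda t: t["ts"])
    if not out:
        return None
    amounts = Counter(t["eth"] for t in out)
    chunk, chunk_count = amounts.most_common(1)[0]  # dominant transfer size
    window = out[-1]["ts"] - out[0]["ts"]
    return {
        "tx_count": len(out),
        "total_eth": sum(t["eth"] for t in out),
        "chunk_eth": chunk,
        "chunk_count": chunk_count,
        "odd_amounts": sorted(a for a in amounts if a != chunk),
        "window": window,
        "flagged": chunk_count >= min_equal and window <= max_window,
    }

if __name__ == "__main__":
    for key, value in fan_out_summary(build_sample(), HACKER_1).items():
        print(f"{key}: {value}")
```
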



Given the current fund movement pattern, it is highly likely that the stolen assets will be deposited into Tornado Cash for obfuscation.

We will continue our investigation.
