The hacker behind the$1.4 billion Bybit exploit has already laundered more than half of the stolen Ethereum, primarily swapping it for Bitcoin via THORChain. Blockchain analysts report that over$614 million has been moved in just five days, pushing THORChain's daily transaction volumes from an average of$80 million to an astonishing$580 million. On 26 February alone, swaps reached a record$859 million.

The US Federal Bureau of Investigation has officially linked the attack to North Korean state-sponsored hackers, identifying it as part of a wider cybercrime operation. Security experts confirmed that Bybit's core infrastructure remained intact, with the breach traced back to a compromised developer machine that injected malicious code into the Gnosis Safe UI. While the attack targeted Bybit's cold wallet, the platform's smart contracts were not affected.

In response, Bybit has launched a dedicated website to track the movement of stolen funds and is offering a bounty to exchanges that assist in their recovery. The incident underscores a growing trend where hackers are shifting focus from exchanges themselves to the infrastructure providers that support them.