The recent Bybit and Phemex blockchain hacks have received further attention due to new data linking the two incidents.
On-Chain Transactions Link
Blockchain analyst ZachXBT identified a direct link between the Bybit and Phemex hacks. In a recent tweet, he highlighted how a common address, 0x33d057af74779925c4b2e720a820387cb89f8f65, was used in both breaches to commingle funds. The Bybit hack involved two major transactions on February 22, 2025, whereas the Phemex hack involved corresponding movement on February 20, 2025. The attackers laundered the stolen funds through multiple intermediate wallets to avoid tracking before cashing them out.
Laundering Tactics and Use of Crypto Mixers
According to Wu Blockchain, the Lazarus Group moved the 5,000 ETH stolen in the Bybit exploit to a new address and laundered it through the eXch mixer, a program aimed at anonymizing transaction trails. They further used cross-chain bridges like Chainflip to swap Ethereum for Bitcoin. Bybit's CEO commented on the issue, urging cross-chain projects to cooperate in halting illegal transfers and preventing future laundering.
Response from Chainflip Labs and Industry Concerns
Chainflip Labs commented on the issue, affirming that although they acted swiftly, their decentralized platform cannot freeze or divert the funds. As a temporary measure, they deactivated several frontend features to slow the flow of the stolen assets. The incidents highlight the increasing sophistication of crypto attackers and the limitations of decentralized systems in stopping illegal activities.
The Bybit and Phemex hack incidents underscore the importance of robust security protocols in the crypto industry to combat increasing threats.