Bybit was recently hit with the biggest hack we've seen since Mt. Gox – $1.4B in ETH is gone, and the on-chain trail is getting messier by the hour.

The crypto OGs are watching this like a train wreck in slow motion, while the industry is piecing together how to avoid it happening again in the future.

One unexpected actor, THORChain, is getting a lot of flack for its arguably unwitting role in the flow of funds. 

Where'd It All Go?

77% of the stolen ETH is still visible on-chain, according to Bybit's CEO.

Only 3% got frozen, and 20% went dark after passing through privacy tools – that means a fifth of the funds are probably gone forever. 

There’s nearly zero chance of recovery once funds hit certain mixers – the obfuscatory technology works incredibly well, but it’s ultimately amoral and mixes any deposited funds, including those stolen from exchanges. 

The hackers didn't waste time getting their ducks in a row – 83% of the stolen ETH is now BTC as they split it across nearly 7,000 wallets with 1.71 BTC each.

That's a classic distribution trick straight from the 2016 playbook – due to its liquidity and ubiquity, BTC remains undefeated for getting away with the bag.

THORChain Said "Thanks For The Fees"

THORChain just banked $5.5M in fees by processing 72% of the stolen funds.

No blacklisting, no freezing – pure DeFi in a way that’s sure to get the attention of global authorities. 

ExCH handled another 16% and told authorities to kick rocks when asked to help, and OKX's Web3 wallet got the remaining 8% before it all went poof.

THORChain devs pulled the classic "can't stop won't stop" defense, stating that their lack of admin keys and blacklist function means that the swap of all that stolen capital was simply rhe chain “working as intended."

CT is split between "that’s the brakes" reactions and "maybe some safeguards would be nice after all."

This is the classic DeFi paradox that nobody will likely be solving anytime soon.

Market Continues To Bleed

ETH dumped 13% while the hackers were busy swapping, with the market looking like May 2021 for a brief time – traders panic sold while whales quietly accumulated the dips.

Amazing how a $1.4B hack barely registers as news after a few days in this market.

Now, regulators are about to have a field day with this case study.

DeFi will continue to operate in a permissionless environment, with all the pros and cons that entails, while CEXs will likely be adding more KYC hoops in the wake of this recent hack.

Whoever these hackers are, they're officially in the crypto villain hall of fame for deepening this heated debate that really didn’t need more fuel for its fire. 

The Inevitable Future of Finance? 

We just watched $1.4B get stolen and laundered in 4K on a public blockchain – the big takeaway is that DeFi proved it can't (won't) stop the bad guys, exactly as designed.

Institutions watching this circus might think twice about jumping in, or the regulators might just force protocol operators hand should they not be as decentralzied as they claim. 

Meanwhile, everyone's checking their metamask permissions and dusting off those hardware wallets… just in case they become the next ByBit.