Tron and Tether-backed T3FCU freezes over $9M from Bybit hack

The T3 Financial Crime Unit (T3FCU) has provided an update about the $1.5B North Korean hackers reportedly stole during the Bybit exploit. The crypto crime fighting team announced that they have successfully frozen $9M of the stolen funds. 

TRON, Tether, and TRM Labs came together to set up the T3 Financial Crime Unit in August 2024. The initiative focuses on identifying and disrupting illicit activities within the cryptocurrency space.

The unit works closely with global law enforcement agencies, and as such have played a vital role in freezing significant assets tied to various financial crimes.

Altogether, T3FCU has frozen about $36M linked to fraudulent investment schemes and $65M associated with money laundering operations. The collaborative crypto crime monitoring unit has also addressed cases involving blackmail and even illicit drug transactions.

T3FCU’s most recent investigation led to successfully freezing $9M related to the Bybit hack.

T3FCU has a lot of practice tailing North Korean hackers

The 3-company unit announced the $9M recovery on X. The official TRON account teased that the details of the investigation will be discussed in person at the Digital Chamber blockchain summit on March 26, 2025.

The announcement by T3FCU also acknowledged the efforts of blockchain analysts, ZachXBT and ZeroShadow. Zhou also previously thanked ZeroShadow, stating that the analyst was helping with blockchain forensics.

The T3 Financial Crime Unit (T3FCU) is earning its stripes as a force for combating crypto-related crime. Tracking crypto transactions can be especially challenging because of the anonymous nature of DeFi, and the difficulty increases by several degrees when it involves tracking and recovering stolen assets.

TRM shared a crypto crime report revealing that attackers stole $2.2B through hacks and exploits in 2024, a 17% increase from the amount stolen in 2023.

The crime report also mentioned that the North Korean hackers implicated in the Bybit heist were responsible for approximately 35% of all stolen funds last year, making away with $800M in stolen cryptocurrency in 2024.

Bybit continues to share updates about hack response

Observers hailed the Bybit team’s response as swift after the exchange suffered a security breach that resulted in the loss of approximately $1.5B worth of Ethereum (ETH) in February 2025.

On-chain analyses linked the breach to the Lazarus Group, a notorious state-sponsored hacking organization from North Korea. Similar to their previous attacks, the hackers rapidly laundered the stolen funds through mixers and masking techniques to obscure the funds’ path and complicate recovery efforts.

Bybit launched a bounty program, offering up to 10% of recovered funds to individuals or entities aiding the retrieval process. However, Zhou revealed that over a month after the heist, only 63 of the 5012 bounty reports were valid.

Cryptopolitan Academy: Tired of market swings? Learn how DeFi can help you build steady passive income. Register Now