#钱包活动洞察 If the hacker successfully stole 400,000 WETH (about $1.2 billion, assuming the ETH price is around $3,000), these funds may have been transferred to multiple large wallet addresses. On-chain analysis tools such as Etherscan or Chainalysis may show that funds flowed from Bybit's known addresses to newly created anonymous addresses.

Hackers usually transfer assets in batches to mixing services (such as Tornado Cash's successor) or cross-chain bridges (such as LayerZero) to cover their tracks. This activity may appear as a short-term activity of multiple medium-sized addresses (holding 10,000-50,000 ETH), followed by silence.

Exchange response:

Bybit may transfer funds from other large cold wallets (such as addresses holding more than 500,000 ETH) to fill the gap. Abnormally large transfers (such as from cold wallets to hot wallets) shown in on-chain data may be a sign of its response.

If Bybit uses its reserves to repurchase ETH, it may lead to whale-level buying behavior in the market, pushing up the price of ETH