How I Traced the Bybit $1.5B Hack On-Chain (And Built a Tool to Do It)

ChainHint — Thu, 09 Apr 2026 20:58:57 +0000

Every time a major crypto hack happens — Bybit ($1.5B), Ronin ($625M), WazirX ($235M) — the funds move on-chain in plain sight. The entire trail is public. Anyone can see it on Etherscan.

But following that trail across multiple hops, multiple chains, through mixers and bridges? That requires tools that cost $30K+/year.

So I built ChainHint.

What it does

Multi-hop BFS fund tracing across 11 EVM chains + Bitcoin, Solana, TON
Real-time OFAC sanctions screening via Chainalysis integration
Mixer & Tornado Cash detection
Entity resolution across 3.9M+ labeled addresses (CEX, DEX, bridges, known exploiters)
AI-powered incident reports with MITRE ATT&CK threat mapping
Wallet monitoring with automated alerts

The stack

Frontend: Lovable (React)
Backend: Supabase (PostgreSQL + Edge Functions + pg_cron)
Tracing: Moralis BFS + Bitquery GraphQL V2
Entity data: Arkham Intel API + Dune Analytics + dawsbot/eth-labels
AI reports: Claude API (Haiku) with MITRE ATT&CK prompting
Payments: NOWPayments (no Stripe in Ukraine)

The hard parts

The trickiest problem was entity resolution at scale. We ingest labeled addresses from multiple sources, normalize them (BTC addresses can't be lowercased — learned that the hard way), and resolve them in real-time during tracing.

The second hard part: Arkham's API has aggressive rate limits. We ended up with a 3s timeout per request, max 10 concurrent lookups, and careful error distinction between timeouts and network errors.

Try it

Free tier available at https://chainhint.com

Happy to answer questions about the forensics approach, the BFS algorithm, or the Supabase edge function architecture.

DEV Community: ChainHint

How I Traced the Bybit $1.5B Hack On-Chain (And Built a Tool to Do It)

What it does

The stack

The hard parts

Try it