SynapTrack Traced the $1.5 Billion Bybit Hack with 98% Accuracy Using AI-Driven Blockchain Analysis
In March 2025, hackers stole $1.5 billion worth of digital tokens from the Bybit cryptocurrency exchange in what became one of the largest single crypto thefts on record. The stolen funds were moved rapidly across multiple blockchain networks in a complex series of transactions designed to break the chain of custody and make tracing impossible.
A system called SynapTrack, developed by computer scientists at the University of Birmingham, traced the hackers' path through those transactions with 98% accuracy - using the Bybit theft as a real-world validation test. Presented at the Annual CyberASAP Demo Day in London, SynapTrack represents a new approach to the persistent problem of detecting money laundering in blockchain and cryptocurrency systems, where existing tools struggle with high false positive rates and limited cross-chain capabilities.
The Problem with Current Anti-Money Laundering Systems
Conventional anti-money laundering (AML) and counter-terrorist financing systems were designed primarily for traditional financial networks. When applied to blockchain transactions, they generate false positive rates of approximately 40% - meaning that nearly half of the flagged transactions require manual review by compliance professionals only to be cleared as legitimate. This volume of false positives creates a significant operational burden for exchanges and financial institutions, produces backlogs in identifying genuinely suspicious activity, and diverts compliance resources from real threats.
The cross-chain problem makes this worse. Moving funds between different blockchain networks - from Ethereum to Bitcoin, for example, through intermediary services - is a common technique for obscuring transaction trails. Most existing tools are designed for single-chain analysis and lose track of funds that cross into different blockchain ecosystems. The Bybit hackers exploited exactly this capability, dispersing stolen funds across multiple chains in rapid succession.
How SynapTrack Works
SynapTrack uses a validated methodology to score the likelihood that any given transaction is part of a money laundering scheme, rather than producing binary flags. Assigning probability estimates instead of simple alerts supports more calibrated decision-making by compliance teams.
The system incorporates a self-improving algorithm that continuously adapts to new tactics as they appear in real blockchain data. This adaptive capability is significant: money laundering techniques in cryptocurrency evolve rapidly as bad actors respond to detection methods, and a static rule-based system becomes less effective over time as its rules become known. Machine learning approaches that update from observed behavior can, in principle, keep pace with evolving tactics.
Universal cross-chain capability is built into the system's architecture, allowing it to follow funds as they move between different blockchain networks without losing track of the transaction trail. The system presents results through a compliance dashboard designed around how AML teams actually work, and requires no infrastructure changes for installation - a practical consideration for adoption by exchanges and financial institutions with existing systems.
Validation and Limitations
The 98% accuracy figure comes from applying SynapTrack to the specific case of the Bybit hack, where the ground truth - which transactions were part of the theft - can be established retrospectively with high confidence. This is a favorable testing environment: real-world deployment involves ongoing streams of transactions where ground truth is not known in advance, and where the ratio of criminal to legitimate transactions is much lower than in a dedicated theft-tracing exercise.
Performance on a single high-profile case, even at high accuracy, does not guarantee equivalent performance across the diverse range of money laundering patterns that exist in real financial systems. The development team is seeking exchanges, financial regulators, and law enforcement agencies to test the prototype in real-world conditions - the next step in validating whether the system's performance generalizes beyond the Bybit test case.
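The base-rate point made above can be worked through numerically. The following is an added example, not part of the original article and not SynapTrack code: it assumes a detector with 98% sensitivity and 98% specificity (illustrative values; the article reports only an overall "accuracy" figure) and compares it with a do-nothing baseline at constructed prevalence levels.

```python
from dataclasses import dataclass


@dataclass
class Outcome:
    """Confusion-matrix counts for one evaluation run."""
    tp: float
    fp: float
    fn: float
    tn: float

    @property
    def accuracy(self) -> float:
        return (self.tp + self.tn) / (self.tp + self.fp + self.fn + self.tn)

    @property
    def precision(self) -> float:
        flagged = self.tp + self.fp
        return self.tp / flagged if flagged else 0.0

    @property
    def recall(self) -> float:
        illicit = self.tp + self.fn
        return self.tp / illicit if illicit else 0.0


def evaluate(total, prevalence, sensitivity, specificity) -> Outcome:
    """Expected counts when `prevalence` of `total` transactions are illicit."""
    illicit = total * prevalence
    legit = total - illicit
    tp = illicit * sensitivity   # illicit transactions correctly flagged
    tn = legit * specificity     # legitimate transactions correctly cleared
    return Outcome(tp=tp, fp=legit - tn, fn=illicit - tp, tn=tn)


def compare(total, prevalence, sensitivity=0.98, specificity=0.98):
    """Assumed detector versus a baseline that never flags anything."""
    detector = evaluate(total, prevalence, sensitivity, specificity)
    flag_nothing = evaluate(total, prevalence, 0.0, 1.0)
    return detector, flag_nothing


if __name__ == "__main__":
    for prevalence in (0.5, 0.01, 0.001):   # constructed prevalence levels
        det, base = compare(1_000_000, prevalence)
        print(f"{prevalence:>6.1%} illicit: detector acc={det.accuracy:.3f} "
              f"precision={det.precision:.3f} | flag-nothing acc={base.accuracy:.3f}")
```

At one illicit transaction per thousand, the baseline that flags nothing scores higher accuracy than the assumed detector while catching no illicit activity, which is why precision and recall on live traffic matter more than a headline accuracy figure.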
SynapTrack was developed by Dr. Pascal Berrang, whose research focuses on IT security and privacy on blockchain, artificial intelligence, and machine learning, alongside PhD student Endong Liu, whose doctoral research specifically addresses transaction tracing. Blockchain developer Nimiq contributed blockchain-specific insights and real-world knowledge of transaction patterns.
The Regulatory Context
Cryptocurrency exchanges and decentralized finance platforms face increasing regulatory pressure to implement effective AML controls. The Financial Action Task Force (FATF) travel rule, which requires exchanges to collect and transmit information about the parties to cryptocurrency transactions above certain thresholds, has been adopted in a growing number of jurisdictions. Enforcement of these requirements depends on detection tools that can identify suspicious patterns without generating the false positive volumes that make current tools operationally burdensome.
A system that substantially reduces false positives while maintaining or improving detection of genuine criminal activity would have significant commercial value in this regulatory environment, where compliance costs for cryptocurrency businesses have grown substantially alongside regulatory expectations.