Crypto exchange Bybit lost $1.4 billion in Ethereum on February 21 when hackers tricked the company’s security team during a routine wallet transfer.
The hack targeted one of Bybit’s cold storage wallets, which held about 401,347 ETH. The company’s other wallets remain secure and operational. The stolen amount makes up about 0.42% of all Ethereum in existence – more than the Ethereum Foundation or Ethereum creator Vitalik Buterin holds.
“Our client funds are backed one-to-one. We can cover any losses,” said Bybit CEO Ben Zhou in a public statement. The exchange has over $16 billion in total reserves.
Recovery Efforts and Industry Response
Bybit now offers a bounty worth up to $140 million to anyone who helps get the money back. Security experts who track down the stolen crypto could earn 10% of what they recover.
The crypto community jumped in to help right away. Major players like Antalpha Global, Bitget, Pionex, and MEXC joined the recovery effort. Big trading firms like Wintermute, Cumberland, and GSR Markets kept trading on Bybit, which helped stop market panic.
Blockchain security companies quickly blacklisted the hacker’s wallet addresses. This makes it harder for thieves to move or sell the stolen crypto.
How the Hack Worked
Early analysis points to the Lazarus Group, a North Korean hacking team, as the likely culprit. The group has stolen billions from other crypto companies, including $625 million from Axie Infinity in 2022.
The hackers pulled off the theft by showing Bybit’s staff fake screens during a normal money transfer. While the staff thought they were moving funds between wallets, they were actually giving the hackers control.
The attack targeted Bybit’s multi-signature system, which needs several people to approve big transfers. The hackers tricked every person who needed to sign off. They made the transfer look normal, showing the right wallet addresses and websites.
Where the Money Went
The stolen money now sits in 53 different crypto wallets. Most wallets hold about 10,000 ETH each. Blockchain watchers can see these funds but can’t stop them from moving.
So far, no one has gotten their money back from past Lazarus Group attacks. The group often waits years before trying to cash out stolen funds. A 2022 study found they still held $55 million from hacks carried out six years earlier.
Bybit’s Response
Despite the hack, Bybit keeps running. The exchange handled over 580,000 withdrawal requests in the day after the attack. It also secured a bridge loan to help process ETH withdrawals.
“Within 24 hours, we got amazing support from the best people in crypto,” Zhou said. “We’re going to learn from this and make our security even stronger.”
The company’s security team locked down their systems right away and started working with top cybersecurity firms. They set up a 24/7 response team to track the stolen funds and work with law enforcement.
Industry Leader’s Response
Former Binance CEO Changpeng Zhao (CZ) pointed out a worrying pattern in recent crypto hacks. He noted that hackers have stolen large amounts from several exchanges’ cold storage systems, including Bybit, Phemex, and WazirX. What makes these attacks more concerning, CZ explained, is that each exchange used different security systems, yet the Lazarus Group managed to break through them all.
CZ praised Bybit CEO Ben Zhou’s handling of the crisis, particularly his open communication with users. He suggested that exchanges should consider pausing withdrawals after such attacks to check their systems thoroughly. However, he supported Zhou’s decision to keep withdrawals running, noting that each situation needs its own approach based on the specific circumstances.
Impact on the Industry
This marks the biggest crypto theft in history. The hack shows that even major exchanges with strong security can fall prey to skilled attackers who trick their staff.
In 2024, hackers stole over $2.2 billion from crypto platforms. This latest attack proves that crypto companies need even better security systems, especially against social engineering attacks that target people rather than code.
Bybit’s quick response and strong financial position helped prevent wider market problems. Their ability to keep processing withdrawals and cover losses shows how major crypto exchanges have built better safety nets since earlier crypto crashes.
The attack also sparked new cooperation among crypto companies. Their quick team-up to track stolen funds and stop them from moving shows how the industry can work together when faced with major threats.