news Bybit Hit by Crypto’s Worst Hack With Almost $1.5 Billion Stolen

  • North Korean group Lazarus suspected by industry researchers
  • Prices of Ether, Bitcoin and other tokens decline after theft
  • Bybit, a major cryptocurrency exchange, has been hit by the largest crypto heist in history.
  • Hackers drained approximately $1.5 billion in digital assets, far surpassing previous thefts in the sector, according to blockchain analytics firm Elliptic.
  • The attack compromised Bybit's cold wallet, an offline storage system designed for security.
Bybit, a major cryptocurrency exchange, has been hacked to the tune of $1.5 billion in digital assets, in what's estimated to be the largest crypto heist in history.

The attack compromised Bybit's cold wallet, an offline storage system designed for security. The stolen funds, primarily in ether, were quickly transferred across multiple wallets and liquidated through various platforms.

"Please rest assured that all other cold wallets are secure," Ben Zhou, CEO of Bybit, posted on X. "All withdrawals are NORMAL."

Blockchain analysis firms, including Elliptic and Arkham Intelligence, traced the stolen crypto as it was moved to various accounts and swiftly offloaded. The hack far surpasses previous thefts in the sector, according to Elliptic. That includes the $611 million stolen from Poly Network in 2021 and the $570 million drained from Binance in 2022.

Analysts at Elliptic later linked the attack to North Korea's Lazarus Group, a state-sponsored hacking collective notorious for siphoning billions of dollars from the cryptocurrency industry. The group is known for exploiting security vulnerabilities to finance North Korea's regime, often using sophisticated laundering methods to obscure the flow of funds.

"We've labelled the thief's addresses in our software, to help to prevent these funds from being cashed-out through any other exchanges," said Tom Robinson, chief scientist at Elliptic, in an email.

The breach immediately triggered a rush of withdrawals from Bybit as users feared potential insolvency. Zhou said outflows had stabilized. To reassure customers, he announced that Bybit had secured a bridge loan from undisclosed partners to cover any unrecoverable losses and maintain operations.

The Lazarus Group's history of targeting crypto platforms dates back to 2017, when the group infiltrated four South Korean exchanges and stole $200 million worth of bitcoin. As law enforcement agencies and crypto tracking firms work to trace the stolen assets, industry experts warn that large-scale thefts remain a fundamental risk.

"The more difficult we make it to benefit from crimes such as this, the less frequently they will take place," Elliptic's Robinson wrote in a post.

Source: https://www.cnbc.com/2025/02/21/hac...from-exchange-bybit-biggest-crypto-heist.html
 
"Please rest assured that all other cold wallets are secure," Ben Zhou, CEO of Bybit, posted on X. "All withdrawals are NORMAL."
Well, that's reassuring to know after they lost $1.5 billion! :eek:

I'm hoping they have insurance and can purchase it back, because good luck tracking it down on exchanges and them willingly returning it. It's probably washed and in cold wallets by now.
The breach immediately triggered a rush of withdrawals from Bybit as users feared potential insolvency. Zhou said outflows had stabilized. To reassure customers, he announced that Bybit had secured a bridge loan from undisclosed partners to cover any unrecoverable losses and maintain operations.
If they didn't insure it, that would be a hefty debt to pay. Fees will have to be adjusted to just make interest payments on that with the current lending rates.

Since it was a cold wallet, I have to assume that they had the strongest passphrase possible, which could never be cracked in a million years using even the largest botnet. I'm wondering if they have access to quantum computers now and this will be a reoccurring theme with North Korea to fund itself as they're essentially cut off from the outside world. China has one, did they give the tech to North Korea or let them use it? 🤔
 
In the wake of the largest exchange hack in crypto history, Singapore-based crypto exchange Bybit has announced a recovery bounty program, offering security researchers and organizations 10% of any funds recovered from the hack.

Should the $1.4 billion in stolen funds be fully recovered, the contributors could share up to $140 million, which would constitute the largest such bounty ever awarded.

"We want to officially reward our community who lent us their expertise, experience and support through the Recovery Bounty Program," Bybit co-founder and CEO Ben Zhou said. "Bybit is determined to rise above the setback and fundamentally transform our security infrastructure, improve liquidity, and be a steadfast partner to our friends in the crypto community."

Bybit encourages individuals and organizations interested in participating in the recovery program to contact bounty_program@bybit.com.

Crypto analytics firm Arkham awarded pseudonymous security researcher ZachXBT with a bounty of 50,000 ARKM (about $34,000) for linking the Lazarus Group to the attack on Friday. The Lazarus Group has already begun to launder 5,000 ETH (about $13.7 million), according to ZachXBT.

Two recoveries have already been reported: mETH Protocol announced it had stopped a withdrawal of 15,000 cmETH, worth about $43.5 million, and moved the funds from the hacker's address to a recovery address. Tether CEO Paolo Ardoino said his organization froze $181,000 USDT connected to the hack.

Lazarus Group's hacking history​

The hack has been attributed to North Korean state-sponsored hacking organization Lazarus Group, which often leverages sophisticated phishing schemes in attempts to score massive payouts from large hacks.

Lazarus Group was previously blamed for the $600 million hack of the Ronin Network used by crypto project Axie Infinity. While it has been historically difficult to recover funds from Lazarus Group attacks, security firm Chainalysis and U.S. law enforcement were able to recover $30 million worth of stolen funds in Sep. 2022.

"This marks the first time ever that cryptocurrency stolen by a North Korean hacking group has been seized, and we’re confident it won’t be the last," Erin Plante, senior director of investigations at Chainalysis, wrote in a blog post at the time.

Security firm Elliptic also collaborated with exchanges Binance and Huobi in Feb. 2023 to freeze $1.4 million in assets linked to the June 2022 $100 million exploit of Harmony's Horizon bridge, which was likewise attributed to the Lazarus Group.

Despite occasional successful recoveries, the Lazarus Group has seemingly held on to the majority of its stolen funds. The FBI alleges that the North Korean government uses the proceeds from Lazarus Group hacks to fund its ballistic missile and nuclear weapons programs.

Source: https://www.theblock.co/post/342830...sts-in-recovering-funds-from-1-4-billion-hack
 
The only thing I am interested in all this madness that is going on with the hack of Bybit and Ethereum on the exchange is that those who are making use of the platform have their assets safe and none of them have lost their money.
 
Bybit have bought back almost the amount of Ethereum hacked off their system. It was a very quick one from them, but I can't help but think the current dip cryptocurrency has been experiencing since yesterday is being influenced by the cryptocurrency exchange.
They actually had to use emergency loans for the funds. They haven’t brought back anything from the network.




  • Following a hack last week, crypto exchange Bybit said it replenished its reserves through a mix of emergency loans and large deposits.
  • The company secured nearly 447,000 ether tokens through emergency funding from firms such as Galaxy Digital, FalconX and Wintermute.
  • A new proof of reserves audit conducted by cybersecurity firm Hacken confirmed that Bybit had successfully restored its reserves.
Bybit said it replenished its reserves following a $1.5 billion hack last week, the largest in the history of the crypto industry.

In less than 72 hours, Bybit pieced together hundreds of thousands of ether tokens through a mix of emergency loans and large deposits. While the rapid recovery restored the exchange’s balance and kept customer withdrawals open, it did not account for the stolen crypto.

 
North Korean Lazarus hackers stole $1.5 billion from Bybit by compromising a Safe{Wallet} developer machine. The attack involved injecting malicious JavaScript into Safe{Wallet}'s infrastructure, targeting Bybit's Ethereum Multisig Cold Wallet. The hackers manipulated a scheduled transfer, redirecting funds to their address. Investigations confirmed Lazarus' involvement, linking the attack to prior crypto heists. Safe{Wallet} has since enhanced security measures, while Bybit restored reserves and remains solvent despite the loss.

Source: https://www.bleepingcomputer.com/ne...t-via-breached-safe-wallet-developer-machine/
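
An added example, not part of the original post and not Safe{Wallet}'s or Bybit's code: the summary above describes a scheduled transfer being altered before the signers approved it, so this check compares the payload a signer is asked to approve with an independently recorded intent. The `to`, `value`, `data` and `operation` names follow Safe's transaction fields; the intent record layout, the function names and every address are assumptions constructed for the example.

```python
ERC20_TRANSFER = "a9059cbb"  # 4-byte selector of transfer(address,uint256)
OP_CALL = 0                  # Safe `operation` field: 0 = CALL, 1 = DELEGATECALL

def transfer_calldata(recipient, amount):
    """Build ERC-20 transfer calldata (used here only to make sample input)."""
    return "0x" + ERC20_TRANSFER + recipient[2:].rjust(64, "0") + format(amount, "064x")

def decode_erc20_transfer(data):
    """Return (recipient, amount) for transfer(address,uint256) calldata, else None."""
    if len(data) != 8 + 64 + 64 or data[:8] != ERC20_TRANSFER or data[8:32] != "0" * 24:
        return None
    return "0x" + data[32:72], int(data[72:], 16)

def verify_payload(intent, payload):
    """List every way the payload to be signed deviates from the scheduled intent."""
    findings = []
    data = payload["data"].lower().removeprefix("0x")
    if payload["operation"] != OP_CALL:
        findings.append("operation is not a plain CALL")
    if intent["token"] is None:  # native ETH transfer: no calldata expected
        if data:
            findings.append("unexpected calldata on an ETH transfer")
        recipient, amount = payload["to"].lower(), payload["value"]
    else:  # ERC-20 transfer: target is the token, recipient is inside calldata
        if payload["to"].lower() != intent["token"].lower():
            findings.append("call target is not the intended token contract")
        if payload["value"] != 0:
            findings.append("non-zero ETH value on a token transfer")
        decoded = decode_erc20_transfer(data)
        if decoded is None:
            return findings + ["calldata is not transfer(address,uint256)"]
        recipient, amount = decoded
    if recipient != intent["recipient"].lower():
        findings.append("recipient differs from the scheduled recipient")
    if amount != intent["amount"]:
        findings.append("amount differs from the scheduled amount")
    return findings

# Constructed sample values, not taken from the incident.
TOKEN, WARM, OTHER = ("0x" + b * 20 for b in ("bb", "aa", "cc"))
INTENT = {"token": TOKEN, "recipient": WARM, "amount": 5000}
GOOD = {"to": TOKEN, "value": 0, "operation": 0, "data": transfer_calldata(WARM, 5000)}
BAD = {"to": TOKEN, "value": 0, "operation": 1, "data": transfer_calldata(OTHER, 5000)}

if __name__ == "__main__":
    for name, payload in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, verify_payload(INTENT, payload) or "matches intent")
```

The comparison only helps when it runs on a machine and data path separate from the web interface that built the transaction, against the bytes the signing device actually receives.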
 
The current downtrend on ETH makes me suspect that it may have not been purchased, and that it was shorted heavily after the hack, which could benefit a repurchase at a lower rate, but also making people a ton of money on its downfall.

It is not only Ethereum that is currently in a downtrend because BTC is also experiencing the same thing. The hack is definitely having a massive effect in the cryptocurrency market but these exchange sites are not going to openly admit it.
 
It's likely connected because they might be washing it into other cryptos. The $1.5 billion has to come from somewhere, whether sellers (that takes it down) or new liquidity (buyers that keep it stable or take it back up).

I imagine that Bybit didn't immediately purchase the hacked crypto on the open market, otherwise, that would've caused a surge. The news would've pushed it down, allowing them to buy it back for less than $1.5 billion. However, they could have bought "phantom" ETH to replace it at fixed prices/contracts, to be delivered at certain prices or dates, by big ETH holders. That way, they still have the ETH on the books and could always call someone up for a transfer of X if they needed to replenish for a user(s) withdraw. And, it wouldn't affect the ETH price other than what's probably happening with ETH (and BTC) washing the stolen funds.
 
I was discussing with a fellow cryptocurrency enthusiast when the hack went down; he was saying Bybit locked the stolen ETH making it impossible for the hackers to use it. I laughed it over because I know that one way or another, they are going to get the money out of the exchange. Bybit was just quick to crisis management, it was why this didn't pull down the exchange because $1.5 billion of stolen assets isn't small.
 
he was saying Bybit locked the stolen ETH making it impossible for the hackers to use it
How? It's already been shown to be transferred to various wallets.

It's already getting "cleaned".

It's useable.
 