Bybit faces a wave of “bank runs” after the biggest hack in crypto history

Coin68
02-23

After the hack, the total outflow of funds "fleeing" from the Bybit exchange has reached $5.5 billion.

Bybit faces a "bank run" wave after the largest crypto hack in history. Image: CryptoRank

Security incident shakes the world

As Coin68 has reported, Bybit - the world's second-largest cryptocurrency exchange - has just been hacked for over $1.5 billion, an attack with the most serious consequences in history.

Despite many hypotheses, Bybit has not yet been able to precisely identify the security vulnerability. According to CEO Ben Zhou:

  • Bybit's laptops were not compromised.

  • The signed transactions show no abnormalities.

  • The error may have come from the Safe cold wallet, but it is unclear whether it is due to Safe or Bybit's own system.

As of now, the exchange is still "drowning" in this crisis, above all in the massive withdrawal of funds by users. The total outflow of funds from the exchange has exceeded $5.5 billion, according to data from DeFiLlama. The total monitored assets of the wallet cluster related to Bybit have decreased from around $16.9 billion to $10.9 billion at the time of reporting.

Total asset value in Bybit's wallet cluster. Source: DeFiLlama (23/02/2025)

In an X Spaces session, Bybit CEO Ben Zhou revealed that as soon as the hack was discovered, he immediately summoned the entire team to handle customer withdrawal requests and answer questions.

Zhou said the attack had drained 70% of the exchange's customer ETH in cold storage. To handle the sudden withdrawal demand, Bybit was forced to borrow to ensure liquidity. However, the surprising thing is that stablecoins, not ETH, are the assets that have fled the platform the most.

Bybit insists it has the ability to pay, but the situation has become more tense as Safe, the platform that provides smart contract wallets for exchanges, has temporarily disabled its wallet function to ensure safety. Among Bybit's reserves, $3 billion USDT was locked in the Safe wallet as soon as the incident occurred, further exacerbating the "bank run" situation.

For its part, Safe is certain that it has not found any evidence that its system has been compromised, but has temporarily disabled some functions as a precaution. Meanwhile, Zhou and the Bybit team had to race against time to withdraw $3 billion USDT, as more than $100,000 was withdrawn from the platform within the first two hours after the hack.

Develop an emergency plan

To control the situation, Ben Zhou instructed the security team to work with Safe to find the fastest way to withdraw funds. In the end, Bybit developed new software based on Etherscan and manually verified transaction signatures in order to transfer the stablecoins to a backup wallet and continue processing customer withdrawal requests.

"The entire team has been working through the night to complete the transactions and ensure customers can withdraw their funds," Zhou said.

Although the issue with the Safe wallet has been brought under control, Bybit still has to face a massive withdrawal, accounting for 50% of the total funds on the platform. After the incident, Bybit has moved a large amount of assets out of the Safe wallet and is looking for a safer alternative solution.

Consider the possibility of "rolling back" Ethereum

Bybit has reported the hack to the authorities. Zhou said the Singapore government is investigating and the case may have been taken over by Interpol.

Bybit is also collaborating with blockchain analysis companies like Chainalysis to track the stolen funds. Zhou emphasized: "As long as Bybit is still operating and continues to monitor the stolen ETH, I hope we can recover this money."

Notably, Zhou revealed that some industry figures, including Arthur Hayes (co-founder of BitMEX), have proposed a "rollback" of the Ethereum blockchain to reverse the transactions and recover the lost funds.

.@VitalikButerin will you advocate to roll back the chain to help @Bybit_Official ?

— Arthur Hayes (@CryptoHayes) February 21, 2025

Zhou has had his team contact Vitalik Buterin and the Ethereum Foundation to seek a solution. However, he acknowledged that the "rollback" decision is not up to an individual, but requires the consensus of the entire community.

Technically, rolling back the Ethereum blockchain would be much more complex than Bitcoin, due to the system of smart contracts and state management on the network. If implemented, it would likely lead to a hard fork, splitting Ethereum into two separate networks and causing major controversy in the community.

Suspicion of Lazarus Group behind the hack

The Bybit hack is attributed to the Lazarus Group, a hacker group backed by the North Korean government. This group is known for sophisticated attacks, using various phishing tactics to steal massive amounts of funds from crypto platforms. Lazarus Group is also accused of being behind the $600 million hack on Axie Infinity's Ronin Network.

Arkham also announced that "on-chain detective" ZachXBT had collected enough evidence to show that the perpetrators behind the Bybit hack were the notorious Lazarus Group hackers, and that it had rewarded him and shared the evidence with the Bybit team to assist in the investigation. ZachXBT also linked the Bybit incident to the $70 million attack on the Phemex exchange in January, which was also allegedly carried out by the Lazarus Group.

TLDR myself and Josh from CF connected the Bybit hack on-chain to the Phemex hack

— ZachXBT (@zachxbt) February 21, 2025

Although it is very difficult to recover money stolen by this group, US law enforcement and Chainalysis were able to recover $30 million in September 2022.

"This is the first time that cryptocurrency stolen by the Lazarus Group has been recovered, and it certainly won't be the last," said Erin Plante, Senior Director of Chainalysis.

In addition, Elliptic has collaborated with Binance and Huobi to freeze $1.4 million in assets related to the $100 million hack of the Harmony Bridge in June 2022. However, the Lazarus Group still owns the majority of the spoils from previous hacks.

According to the FBI, the North Korean government is using this money to fund its ballistic missile and nuclear weapons programs.

Bybit Offers 10% Bounty on Recovered Funds

To increase the chances of recovering the stolen funds, Bybit has announced the "Recovery Bounty" program, committing to pay 10% of the value of the recovered assets to security experts or organizations that help restore this money.

If the entire stolen amount is returned, those who contributed could receive a total of $140 million, equivalent to the largest bounty reward in the crypto industry to date. Bybit encourages interested individuals and organizations to contact: bounty_program@bybit.com.

"We want to officially honor the community who has supported us with their expertise, experience, and assistance through the Recovery Bounty program," said Ben Zhou, CEO of Bybit.

In addition, a portion of the stolen assets has been recovered. On February 22, the mETH Protocol - Mantle's liquid restaking platform - confirmed that it had successfully retrieved 15,000 cmETH (equivalent to $43 million) from the Lazarus Group. Notably, the integration of an 8-hour withdrawal delay mechanism helped the security team promptly freeze the contract and prevent unauthorized transactions.

mETH Protocol Update Regarding Bybit Security Incident 👇

On February 21, 2025, we were informed of a Bybit security incident resulting in the unauthorized withdrawal of mETH and cmETH from the exchange. The attacker executed multiple transactions to move assets off the… pic.twitter.com/20ScHKhLAN

— mETH Protocol (@mETHProtocol) February 22, 2025

Additionally, Tether has also contributed by freezing 181,000 USDT related to the Bybit hack. In September 2024, Tether, along with three other stablecoin issuers (Paxos, Techteryx, and Circle), froze $5 million from wallets allegedly linked to the Lazarus Group hackers.

The stolen funds came from 25 different attacks targeting various blockchains. The hackers then withdrew the money by using peer-to-peer exchanges to launder the funds.

We just froze 181k USDt connected to the ByBit hack.
Might not be much but it's honest work.
We keep monitoring.
Kudos to @zachxbt

— Paolo Ardoino 🤖 (@paoloardoino) February 22, 2025

CZ, the founder of Binance, commented on the incident:

"Mt. Gox is the biggest hack in my worldview. $62 billion USD in today's prices. And I had a few BTC there. Haven't got anything back yet. 🤷‍♂️😂"

— CZ 🔶 BNB (@cz_binance) February 22, 2025

Overall, the Bybit hack is one of the largest attacks in crypto history, triggering a chain reaction with over $5.5 billion withdrawn from the exchange. Although Bybit has taken steps to mitigate the incident and maintain operations, the platform is still grappling with security challenges, customer trust, and the ability to change its asset storage infrastructure. The story is far from over, and the crypto community is closely following the developments.

Compiled by Coin68
