The biggest theft in crypto history: Why was $1.47 billion stolen from Bybit Exchange, who was the culprit, and is there a risk of a bank run?

The cryptocurrency exchange Bybit was reportedly hacked last night (21st) for about $1.47 billion worth of ETH and stETH, immediately causing an uproar in the community. According to reports, this "Bybit hacking incident" is the largest hacking incident in the history of cryptocurrencies. Blockcast has compiled a quick summary of the entire incident below so that readers can get up to speed.

On-chain analysts detected abnormal large-scale withdrawals from Bybit at 11 o'clock last night

After 11 o'clock last night, multiple on-chain analysts and researchers posted tweets warning that a large amount of ETH and stETH, worth about $1.47 billion, had been abnormally withdrawn from Bybit's exchange cold wallet to an unknown hot wallet, immediately causing an uproar in the community. At 23:44 yesterday, Bybit CEO Ben Zhou also posted a confirmation of the hack.

Ben Zhou said that the hacker used forged multi-signatures to take control of a specific Bybit-signed ETH cold wallet and transferred all the ETH in that cold wallet to an unknown address. He assured users that all other cold wallets are safe and that the exchange's withdrawals are operating normally.

At the same time, Ben Zhou also stated that even if the losses caused by this hacker attack cannot be recovered, all customer assets are still supported by a 1:1 reserve, and Bybit can bear this loss.

CZ suggests Bybit suspend withdrawals, causing an uproar in the community

Ben Zhou's confirmation also directly caused market panic, and Bybit immediately saw a wave of user withdrawals. Because $1.47 billion worth of ETH was stolen, Bybit may not be able to make up for such a huge gap in the short term, which could lead to more serious financial problems (suspension of withdrawals, locking of related assets, etc.). Some community users even speculate that, if not handled properly, it could eventually turn into another FTX.

Binance founder CZ also gave his personal advice:

This is not an easy situation to deal with. I would suggest temporarily suspending all withdrawals as a standard security precaution. I'm happy to provide assistance if needed. Good luck!

However, the community unanimously believes that CZ's suggestion to suspend all withdrawals is a bad idea, criticizing it as something that may lead to an even greater bank run. In this regard, the real-time news and program trader "Equation News" gave the following 3 suggestions to the Bybit CEO:

  • Do not stop user withdrawals, otherwise it will accelerate the bank run. You can slow down this process, but do not stop it at all costs to avoid causing panic.
  • Publicly display Bybit's balance sheet and state that you have sufficient funds to make up for the losses caused by the hacker attack.
  • When you need it, you can contact large companies like Tether (not the CEO of competing exchanges). $1.5 billion is not a big problem in this cycle, handle it properly and save us all.

The funding gap reaches 500,000 ETH, how should Bybit make up for it?

In addition, according to data from Arkham, the hacker cashed out assets worth about $1.34 billion in ETH (499,395 ETH) and $42 million in cmETH (15,000 ETH), and distributed the funds across 53 addresses. Although the hacker holds a huge amount of ETH, they cannot dump it on the market in a short period of time, which has relieved market investors.

However, facing a 500,000 ETH funding gap, how should Bybit make up for it?

In this regard, the Bybit CEO said in a live broadcast early this morning: "We will not buy ETH to fill the gap, but are currently obtaining bridge loans (a short-term loan to help entities transition) from partners to make up for the stolen losses, and have already obtained nearly 80% of the stolen liquidity (ETH)".

However, community KOLs have questioned in a tweet how Bybit could borrow such a large amount of ETH. It is possible that only Binance or an institutional consortium could rescue it, but given Bybit's previous reputation issues, the KOL believes that institutions may not be willing to step in:

Bybit says it is borrowing ETH, not buying ETH. But at the end of the day, it still needs to be repaid, and Bybit's annual profit is not even $1.5 billion.

Who else could borrow 400,000 ETH (the current theft is around 500,000 ETH)? Except for Binance (BN), it would have to be a consortium of institutions. Yes, a single institution cannot save it, it would take several institutions to step in.

But considering that Bybit previously issued Bit and ruthlessly cut a wave, and the promised contract revenue injection was ultimately not fulfilled, I personally think Bybit's reputation is not very good with the institutions.

Now the top spot in spot trading volume is Binance, and the rising Bybit is second, so do you think anyone will step in to rescue it?

However, according to statistics from SosoValue and the latest monitoring data from the on-chain security team TenArmor, Bybit has received over $4 billion in inflows in the past 12 hours, enough to cover the $1.47 billion in stolen losses.

These inflows also include large ETH transfers from Bitget, MEXC, and related institutions and individuals.

Who is the hacker behind the incident and what was the attack method?

As for the true identity of the hacker, on-chain detective ZachXBT has confirmed, through a series of submitted evidence, that the mastermind behind the entire incident is the North Korean hacker group "LAZARUS GROUP".

Regarding the attack method, cybersecurity expert Yu Xian also tweeted that the attacker first deployed a malicious contract on February 19 and, on February 21, used the signatures of the three owners of the Bybit Safe multi-signature wallet to replace the Safe contract with the malicious contract, then operated through the malicious contract to steal the funds from Bybit's wallets.

The cold wallet team OneKey added that the hacker had most likely confirmed that the three multi-signature computers at Bybit were compromised and that the conditions for an attack were in place, and then replaced the content being signed while the multi-signature staff were signing a routine daily transfer.
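
Both accounts above describe signers approving content they did not independently verify. As an added example (not from the original article, Bybit, or Safe), the Python code below decodes the calldata of a Safe `execTransaction` call on a separate machine and flags delegatecalls, which run the target's code against the wallet's own storage, as well as targets outside an allowlist. The allowlist, the placeholder addresses, and the helper names are assumptions, and the sample calldata is constructed.

```python
# Added example: review Safe execTransaction calldata before anyone signs it.
EXEC_TX_SELECTOR = bytes.fromhex("6a761202")  # selector of Safe's execTransaction
CALL, DELEGATECALL = 0, 1                      # values of Safe's `operation` field
HEAD_BYTES = 10 * 32                           # execTransaction takes 10 arguments

def _word(args: bytes, pos: int) -> int:
    if pos + 32 > len(args):
        raise ValueError("truncated calldata")
    return int.from_bytes(args[pos:pos + 32], "big")

def _dynamic(args: bytes, head_index: int) -> bytes:  # read an ABI `bytes` argument
    offset = _word(args, 32 * head_index)
    length = _word(args, offset)
    if offset + 32 + length > len(args):
        raise ValueError("dynamic field runs past end of calldata")
    return args[offset + 32:offset + 32 + length]

def decode_exec_transaction(calldata: bytes) -> dict:
    if calldata[:4] != EXEC_TX_SELECTOR:
        raise ValueError("not a Safe execTransaction call")
    args = calldata[4:]
    return {
        "to": "0x" + args[12:32].hex(),   # address is the low 20 bytes of word 0
        "value": _word(args, 32),
        "data": _dynamic(args, 2),
        "operation": _word(args, 96),
    }

def review(calldata: bytes, allowed_targets: set) -> list:
    """Return policy findings; an empty list means nothing was flagged."""
    tx = decode_exec_transaction(calldata)
    findings = []
    if tx["operation"] == DELEGATECALL:
        findings.append("delegatecall: target code would run on the Safe's own storage")
    elif tx["operation"] != CALL:
        findings.append("unknown operation value %d" % tx["operation"])
    if tx["to"] not in allowed_targets:
        findings.append("target %s is not on the allowlist" % tx["to"])
    return findings

def build_sample(to: str, operation: int, data: bytes) -> bytes:
    """Encode constructed sample calldata (zero value, empty signatures)."""
    w = lambda n: n.to_bytes(32, "big")
    tail = w(len(data)) + data + b"\x00" * (-len(data) % 32)
    head = [int(to, 16), 0, HEAD_BYTES, operation, 0, 0, 0, 0, 0, HEAD_BYTES + len(tail)]
    return EXEC_TX_SELECTOR + b"".join(map(w, head)) + tail + w(0)

TREASURY, UNKNOWN = "0x" + "11" * 20, "0x" + "22" * 20  # constructed placeholders
```

A routine transfer to an allowlisted address returns no findings, while a delegatecall to an unlisted contract returns two; the check only helps if it runs on a device separate from the signing workstation.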

The hacker has surpassed Vitalik and the Ethereum Foundation to become the "14th largest" Ethereum holder

It is worth mentioning that, according to a tweet by Coinbase executive Conor Grogan, the amount of ETH stolen by the Bybit hacker (nearly 500,000) has made them the 14th largest ETH holder in the world:

The Bybit hacker (likely North Korean) is now the 14th largest ETH holder in the world.

They hold around 0.42% of the total ETH supply (around 120 million ETH), more than Fidelity, Vitalik, and even more than double the amount held by the Ethereum Foundation.

According to Arkham data, Ethereum founder Vitalik Buterin holds around 240,000 ETH, worth about $643 million; Fidelity custody wallet holds 334,000 ETH, worth about $843 million; and the Ethereum Foundation wallet holds 223,000 ETH, worth about $596 million.

Interestingly, the Ethereum Foundation's ETH holdings are even less than Vitalik's.
