Key Takeaways
- To incentivize recovery efforts, Bybit has offered a 10% reward—potentially up to $140 million—to anyone who can help retrieve the stolen assets.
- The Bybit hack alone accounts for more than half of the $2.3 billion lost in crypto-related breaches in 2024 so far.
Leading crypto exchange, Bybit is still dealing with the fallout from a $1.4 billion exploit that has become the biggest crypto heist in history. The attack, which took place on February 21, resulted in the theft of liquid-staked Ether (ETH), Mantle Staked ETH (mETH), and other digital assets.
As per blockchain analyst EmberCN, the hacker still holds about 363,900 ETH, or roughly $900 million, according to blockchain analyst EmberCN. The laundering process has been ongoing since the attack, and experts warn that if the current rate continues, the remaining stolen assets could be processed within the next 8 to 10 days.
Bybit has assured users that the platform remains solvent and that client funds are unaffected. In a statement, co-founder and CEO Ben Zhou confirmed that the exchange had already replaced the stolen $1.4 billion in Ether within 72 hours of the attack. “All client assets are backed 1-to-1, and we can cover the loss,” Zhou said. The rapid recovery was made possible through a mix of internal funds, loans, whale deposits, and new currency purchases.
The attack occurred when the hacker gained control of one of Bybit’s Ethereum wallets during a routine transfer between a secure offline wallet (cold wallet) and an online wallet (hot wallet).
Bybit responded by freezing suspicious transactions, locking down its systems, and working with cybersecurity firms to investigate the breach. Crypto trading platforms and brokerages also stepped in to support the exchange, collectively freezing over $42.89 million in transactions linked to the exploit.
Blockchain security firms, including Arkham Intelligence, suspect that North Korea’s Lazarus Group may be behind the attack. The hacking group has been linked to multiple high-profile crypto thefts, often using sophisticated laundering techniques to move stolen funds through decentralized finance (DeFi) protocols. Bybit has since ramped up its security measures and is actively collaborating with forensic experts to track and recover the stolen assets.
On-chain data indicates that in the past 24 hours alone, the hacker moved 45,900 ETH—worth approximately $113 million—bringing the total amount laundered to over 135,000 ETH, valued at $335 million.
On February 25, Bybit CEO Zhou publicly condemned the perpetrators, declaring “war” on the hackers. The company is also working closely with blockchain analytics firm Elliptic, which has identified over 11,000 cryptocurrency wallet addresses suspected of being connected to the exploit. The list is expected to grow as the investigation continues.
To incentivize recovery efforts, Bybit has offered a 10% reward—potentially up to $140 million—to anyone who can help retrieve the stolen assets. While the exchange has restored its reserves, the attack has raised concerns about centralised platforms’ vulnerability and the crypto industry’s broader security risks.
The Bybit hack alone accounts for more than half of the $2.3 billion lost in crypto-related breaches in 2024 so far.
