As earlier reported, Bybit announced via a post on X that unauthorized activity compromised one of its Ethereum cold wallets, a supposedly secure offline storage system.
The breach occurred during a transfer from the cold wallet to a warm wallet.
However, a sophisticated attack masked the signing interface, tricking users into approving a malicious transaction.
This allowed the attacker to alter the wallet’s smart contract logic, draining its funds to an unknown address.
Bybit’s co-founder and CEO, Ben Zhou, quickly reassured users that all other cold wallets remain secure.
He maintained that client funds are safe, with operations continuing normally.
– Advertisement –
However, the scale of the loss—over $1.4 Billion in Ethereum—has raised concerns about the exchange’s security measures and the broader vulnerabilities in the crypto space.
Zhou emphasized transparency, stating that the company is working with blockchain forensic experts to investigate and recover the stolen assets, while inviting collaboration from other experts to trace the funds.
How Crypto Exchanges are Coming Together?
In the wake of the hack, Bybit faced a surge in withdrawal requests, likened by Zhou to a “bank run,” as panicked users rushed to pull their funds.
To maintain liquidity and ensure it could honor these requests, Bybit secured a $172.5 million loan from various exchanges.
The loans included 40,000 ETH worth $107M from Bitget, 12,652 stETH worth $33.9M from a MEXC’s hot wallet and 11,800 ETH worth $31.6M from a Binance’s hot wallet
This financial support, described as a “bridge loan” by Zhou, covers about 80% of the lost Ethereum.
It is helping the exchange navigate the immediate crisis without needing to buy large amounts of Ethereum on the open market, which could further destabilize prices.
Bybit, which manages $20 Billion in assets, insisted it remains solvent and can cover the loss even if the stolen funds aren’t recovered.
The loan reflects a rare show of solidarity among crypto exchanges, as Bybit processes what it described as the highest number of withdrawals in its history—over 350,000 requests in just 10 hours, with 99.994% already completed.
This support emphasized on the industry’s recognition of the need for stability following such a high-profile attack.
ZachXBT Uncovers the Hack
Blockchain investigator ZachXBT identified the Lazarus Group, a notorious North Korean hacking collective, as the perpetrator behind Bybit’s $1.4 Billion loss.
The Lazarus Group has a long history of targeting cryptocurrency exchanges, with past attacks including the $620 Million Ronin Network hack in 2022 and a $41 Million theft from Stake.com in 2023.
ZachXBT’s findings, shared on X, provide detailed evidence tying the sophisticated methods used in the Bybit attack—such as masking the signing interface—to the group’s known tactics, including social engineering and exploiting smart contract vulnerabilities.
The U.S. government and cybersecurity experts have long tracked Lazarus for its role in billion-dollar crypto heists.
This revelation has heightened concerns about the ongoing threat posed by state-sponsored hackers in the cryptocurrency ecosystem.
As Bybit works to recover from this attack, the crypto industry faces a critical moment, with exchanges stepping up to support one another while confronting the persistent challenge of securing digital assets against advanced cyber threats.