Bybit, a major Dubai-based cryptocurrency exchange, has notified that hackers have stolen digital assets worth over $1.5 billion in what is estimated to be the biggest crypto heist to date.
According to an X post by its founder Ben Zhou, the attackers compromised Bybit’s cold wallet containing 70% of its Ethereum-based (ETH) tokens, worth approximately $1.4 billion. The stolen tokens, primarily in Ether, were quickly transferred to multiple wallets and through cold mixers to obscure transactions and then sent to decentralized exchanges to be converted into other coins or liquidated for cash.
The value of ETH declined by 4.5% within an hour of the exploit. The hack instilled fear among investors who were concerned about the market crashing and burning, which led to many exiting their ETH positions. ETH went from $2,800 to $2,300 within 12 hours of the Bybit hack. Bybit immediately sought to reassure its customers that their cryptocurrency holdings were safe, with Zhou promising to refund all those who were affected by the hack, even if the stolen funds could not be retrieved. Bybit claims to hold enough crypto and cash reserves to make its clients whole.
Who Is Responsible For The Hack?
According to The Federal Bureau of Investigation (FBI), the latest attack was orchestrated by North Korea’s infamous Lazarus Group. For over 10 years, the group has been responsible for terrorizing Western companies with a series of cyberattacks that have cost them billions of dollars. Blockchain analytics firm Elliptic considers the group to be the most sophisticated and well-resourced launderers of crypto assets in existence. Lazarus was behind the infamous Ronin Bridge hack from 2021 when over $600 million in various cryptocurrencies were stolen from a token bridge. The group works for the North Korean Government to source funds for its Military research, as the country is heavily sanctioned by the U.S. and isolated from the global financial system.
How Did The Hack Happen?
Bybit said the hack took place when the exchange was making a routine transfer, moving Ether from its cold wallet to its warm wallet to provide liquidity for its daily trading activities.. The attackers were able to hijack this transaction taking place on its multi-sig wallet by tricking the signees into approving a malicious transaction that moved the funds into the hackers’ wallet. Lazarus Group hackers quickly moved the stolen funds through coin mixers and multiple wallets to obscure transactions.
The $1.5 billion heist amounts to more than half of the total crypto stolen throughout 2024.
How Did The Attack Affect Bybit?
Upon hearing the news about the hack, investors panicked and started withdrawing their funds, and the value of Ethereum fell by 4% from $2,800 to $2,641.41 in a matter of hours. However, the price for the token quickly stabilized as investors saw that the exchange was able to handle the situation without leading to a liquidity crisis.
Bybit also managed to recover the losses by borrowing $1.4 billion in liquidity from other exchanges and whales while allowing customers to withdraw their funds without delay.
What Did Bybit Have To Say After The Attack?
Bybit quickly acted to reassure investors that their cryptocurrency holdings were safe, while Ben Zhou wrote a post on X notifying the customers that all other wallets were safe and there were no reasons to panic, adding that all withdrawals were normal. In another post, he wrote that the company is solvent and could refund all those who were affected. Zhou stated that the company held $20 billion in customer assets, and would be able to refund any unrecovered funds itself or through loans from partnering companies like Binance and Bitget.
The company has called on the brightest minds in cybersecurity and cryptocurrency analytics to help retrieve the lost funds and is offering a 10% bounty from the lost sum, amounting to $140 million, if it can be successfully recovered. On-chain investigators also found the addresses that received the stolen funds, which led to multiple trading platforms blacklisting to freeze the assets.
Final Thoughts: Will The Stolen Funds Be Retrieved?
As per Bybit, the company is trying its best to recover the hacked funds. Despite the exchange failing to retrieve any of the stolen assets, it managed to replenish its lost 400,000 ETH reserve by securing emergency loans, whale deposits, and currency purchases to make customers whole. Bybit’s partners have frozen $42 million of the stolen funds across various platforms.
The exchange holds reserves worth $20 billion and claims to be liquid enough to handle the situation. The case is still developing and we will be providing more updates through future content.
