The $1.4 billion hack that rocked Bybit has sent shockwaves across the crypto industry, triggering a massive $5.3 billion exodus from the exchange. Yet, amid this turbulence, cybersecurity firm Hacken has assured users that Bybit’s reserves remain sufficient, highlighting the resilience of centralized exchanges in the face of major security breaches.
Bybit Withstands the Storm Despite Record-Breaking Hack
The Feb. 21 attack, now the largest crypto theft in history, saw hackers drain $1.4 billion in liquid-staked Ether (stETH), Mantle Staked ETH (mETH), and other ERC-20 tokens. However, despite the sheer magnitude of the breach, Bybit’s reserves still exceed liabilities, according to its independent Proof-of-Reserve (PoR) auditor, Hacken.
“Today’s hack was massive a tough hit for the industry. But here’s the bottom line: Bybit’s reserves still exceed its liabilities. As their independent PoR auditor, we’ve confirmed that user funds remain fully backed,” Hacken stated in a Feb. 21 post on X.
Bybit Processes Over 350,000 Withdrawals in 10 Hours
Facing intense scrutiny, Bybit co-founder and CEO Ben Zhou reassured users that the platform was still fully operational. Bybit swiftly processed over 350,000 withdrawal requests within 10 hours, completing 99.9% of them by 1:45 am UTC on Feb. 22.
“Although we have been hit by the worst hack possibly in the history of any medians (banks, crypto, finance), all Bybit functions remain operational. The whole team stayed awake all night processing transactions and addressing user concerns,” Zhou wrote in a statement on X.
Crypto Leaders Rally to Assist Bybit
The industry responded swiftly, with leading exchanges providing emergency liquidity support to Bybit. Notably:
- Binance transferred 50,000 ETH
- Bitget contributed 40,000 ETH
- Du Jun, co-founder of HTX Group, sent 10,000 ETH
This show of solidarity underscores the collective responsibility exchanges have in stabilizing the broader crypto ecosystem after major attacks.
Bybit Hack Accounts for Over Half of 2024’s Crypto Theft
With $2.3 billion stolen in crypto-related hacks in 2024, the Bybit breach alone accounts for more than half of the total losses. Analysts from Arkham Intelligence and blockchain investigator ZachXBT have traced the attack to the North Korean state-affiliated Lazarus Group, the same entity behind previous major exploits.
The attack methodology also resembles the $230 million WazirX hack and the $58 million Radiant Capital breach, leading experts to speculate on a pattern of increasingly sophisticated heists by Lazarus.
How the Hack Unfolded
According to Meir Dolev, co-founder of Cyvers, the attackers compromised Bybit’s Ethereum multisig cold wallet through a deceptive transaction. The breach tricked wallet signers into unknowingly approving a malicious smart contract logic change, allowing hackers to seize control and transfer all ETH holdings to an unknown address.
“It seems that Bybit’s ETH multisig cold wallet was compromised through a deceptive transaction that tricked signers into unknowingly approving a malicious smart contract logic change”.
While Bybit’s cold wallet provider, Safe, was breached, the exchange’s internal systems remained unaffected, Zhou clarified in a subsequent X post.
A Broader Cybersecurity Threat
The attack raises deeper concerns about centralized exchanges’ vulnerability despite heightened security measures. Over the past year, North Korean hackers have been responsible for multiple high-profile breaches, including:
- $305 million DMM Bitcoin hack
- $50 million Upbit hack
- $50 million Radiant Capital hack
- $16 million Rain Management hack
Governments are taking notice. In a joint statement, officials from the U.S., Japan, and South Korea identified 15 North Korean operatives allegedly involved in laundering stolen crypto to fund North Korea’s nuclear weapons program.
What’s Next for Bybit and Crypto Security?
As Bybit regroups, Zhou has promised a full incident report and new security measures in the coming days. However, this breach underscores a stark reality even the most secure centralized exchanges remain vulnerable to sophisticated cyberattacks.
The Bybit hack is a wake-up call for the industry, pushing DeFi and CeFi platforms alike to fortify their security frameworks. The question now is whether exchanges can stay ahead of the next wave of attacks or if Lazarus and other cybercriminals will continue to outmaneuver the industry.
