Bybit is making a strong comeback after a $1.4 billion crypto heist, quickly replenishing nearly half of its Ether reserves.
Bybit’s Ether reserves plunged after the Feb. 21 hack, which drained over $1.4 billion worth of liquid-staked ETH (stETH), Mantle Staked ETH (mETH), and other ERC-20 tokens. However, within just two days, the exchange replenished its ETH holdings to nearly 50% of pre-hack levels, according to CryptoQuant data.
As of 8:52 am UTC, Bybit held 201,600 Ether, approximately 45% of the 439,000 ETH it held before the attack. At its lowest point post-hack, Bybit’s reserves had dropped to just 61,000 ETH.
A significant portion of this recovery was driven by spot buying. According to Lookonchain, Bybit purchased 106,498 ETH worth $295 million in over-the-counter (OTC) trades to reinforce its liquidity and user confidence.
Crypto Industry Steps Up with Emergency Support
Bybit’s recovery wasn’t a solo effort. Crypto industry leaders and exchanges swiftly provided emergency assistance:
- Binance transferred 50,000 ETH
- Bitget contributed 40,000 ETH
- Du Jun, co-founder of HTX Group, sent 10,000 ETH
This collective response underscores the industry’s commitment to maintaining stability even in the aftermath of the biggest hack in crypto history.
Bybit Handles $400M in Emergency Loans, Maintains User Trust
Despite the massive attack, Bybit remained fully operational, processing over 350,000 withdrawal requests within 10 hours, completing 99.9% of them by 1:45 am UTC.
To strengthen its reserves, Bybit secured nearly $400 million in emergency loans, including $127 million from Binance whales and $53 million from a single whale wallet, per Lookonchain.
Proof-of-Reserves: Bybit’s Funds Remain Fully Backed
Despite the $5.3 billion drop in total assets, Bybit’s exchange reserves still exceed its liabilities. The exchange’s independent Proof-of-Reserve (PoR) auditor, Hacken, confirmed:
“Today’s hack was massive—a tough hit for the industry. But here’s the bottom line: Bybit’s reserves still exceed its liabilities. As their independent PoR auditor, we’ve confirmed that user funds remain fully backed.”
Unmasking the Attack: Lazarus Group’s Fingerprints
Blockchain security firms, including Arkham Intelligence and on-chain analyst ZachXBT, traced the Bybit hack to Lazarus Group, a North Korean state-affiliated hacking syndicate.
This same group was behind other high-profile exploits, including:
- $600M Ronin network hack
- $230M WazirX hack
- $58M Radiant Capital breach
How Did the Hack Happen?
According to Meir Dolev, CTO of Cyvers, the hackers exploited Bybit’s Ethereum multisig cold wallet by executing a deceptive transaction, tricking signers into unknowingly approving a malicious smart contract logic change.
“It seems that Bybit’s ETH multisig cold wallet was compromised through a deceptive transaction that tricked signers into unknowingly approving a malicious smart contract logic change.”
What’s Next for Bybit and Crypto Security?
Bybit’s swift recovery is a testament to the resilience of centralized exchanges, but it also raises critical concerns about the evolving threat landscape in crypto. With state-backed hackers targeting the industry, security measures must constantly evolve to stay ahead.
Bybit’s response could shape future security protocols in crypto, pushing exchanges to adopt stricter safeguards against evolving cyber threats.
