In a major breakthrough in the aftermath of the $1.4 billion Bybit hack, mETH Protocol has successfully recovered 15,000 cmETH tokens valued at approximately $43 million from Lazarus Group, the North Korean-linked hackers behind the attack. Meanwhile, Tether has frozen $181,000, underscoring the ongoing battle against crypto exploitation and illicit fund movements.
mETH Protocol Blocks Unauthorized Withdrawals, Recovers $43M
Mantle’s liquid restaking protocol, mETH Protocol, announced the recovery on Saturday, attributing its success to built-in security measures that allowed the team to respond swiftly.
“The 8-hour withdrawal delay built into the protocol provided the team with critical response time to temporarily pause the contract, effectively stopping unauthorized withdrawals,” mETH Protocol stated on X.
Early reports mistakenly suggested that the 15,000 cmETH tokens were burned, but the team clarified that they had been successfully transferred to a recovery address.
Polygon’s Mudit Gupta and SEAL Team Lead the Charge
The recovery effort was spearheaded by Mudit Gupta, Chief Information Security Officer at Polygon, alongside rapid-response security team SEAL. Gupta shared on X that he identified the recovery possibility soon after the hack and was quickly connected with the Mantle/mETH team, enabling a swift counteraction.
“I saw the recovery possibility soon after the hack, and SEAL connected me with Mantle/mETH team who made it happen,” Gupta explained.
The success of this rapid intervention highlights the importance of blockchain security teams and real-time monitoring in mitigating losses from major exploits.
Bybit’s Bounty Program and Industry Comparisons
The $43 million recovery is already a record-breaking post-hack retrieval, surpassing the $30 million salvaged from Lazarus Group’s Ronin Bridge attack linked to Axie Infinity. That effort, led by Chainalysis and U.S. law enforcement, took nearly six months—a stark contrast to the rapid response seen in the Bybit case.
This recovery could qualify under Bybit’s recently announced bounty program, which offers up to 10% of recovered funds to those assisting in the retrieval process—a potential $4.3 million reward.
Tether Steps In, Freezes $181,000 USDT
In a parallel effort, Tether CEO Paolo Ardoino announced the freezing of 181,000 USDT tokens connected to the Bybit hack.
This isn’t the first time Tether has acted against Lazarus-linked exploits. In September 2024, Tether, alongside Paxos, Techteryx, and Circle, froze $5 million worth of tokens across multiple blockchains funds stolen in 25 different exploits and laundered through peer-to-peer exchanges.
Crypto Security’s Next Steps
While the $43 million recovery marks a significant win, the Bybit hack underscores the evolving security threats plaguing centralized exchanges and DeFi protocols.
The Lazarus Group continues to refine its tactics, moving funds through complex laundering schemes. However, coordinated security efforts, like those seen with mETH Protocol, SEAL, and Tether, are proving that rapid intervention and blockchain forensics can play a crucial role in minimizing damage.
With billions lost to crypto hacks in 2024, this case serves as a reminder that proactive security measures, community collaboration, and rapid response teams will define the future of crypto security.
