Breaking News
admin
Feb 22 2025
1In an event that has sent shockwaves through the cryptocurrency industry, Bybit, one of the leading global crypto exchanges, faced a $1.4 billion security breach on February 21, marking the largest single crypto theft in history. However, Bybit’s swift response and robust financial structure have ensured that user funds remain fully backed, with independent auditors confirming that the exchange’s reserves still surpass its liabilities.
The attack targeted liquid-staked Ether (stETH), Mantle Staked ETH (mETH), and various ERC-20 tokens. In total, Bybit’s overall asset value fell by more than $5.3 billion, with the $1.4 billion loss from the hack accounting for a significant portion of this decline.
Despite these losses, Bybit’s independent Proof-of-Reserve (PoR) auditor, Hacken, reassured users of the exchange’s solvency. In a statement issued on February 21, Hacken confirmed that Bybit’s reserves continue to exceed its liabilities, indicating that all user funds remain fully secured and backed.
> “Today’s hack was unprecedented and a tough moment for the industry. But the key takeaway is that Bybit’s financial health remains strong. As the independent PoR auditor, we have verified that user funds are still 100% backed,” Hacken noted.
Swift Response and Community Support
Bybit’s rapid response to the incident demonstrated its operational resilience. Within 10 hours of the breach, the exchange processed more than 350,000 withdrawal requests, successfully completing 99.9% of them by 1:45 am UTC on February 22.
Ben Zhou, co-founder and CEO of Bybit, took to X (formerly Twitter) to address the situation. “This was one of the most severe hacks ever witnessed in the financial and crypto sectors. However, all Bybit products and services remain fully operational. Our entire team worked through the night to ensure client questions were answered, and withdrawals were processed without delay,” Zhou stated.
In an extraordinary show of solidarity, leading exchanges and industry figures rallied to assist Bybit. Binance contributed 50,000 Ether, Bitget provided 40,000 Ether, and Du Jun, co-founder of HTX Group, transferred 10,000 Ether to support Bybit’s liquidity needs.
Tracing the Attack: A Familiar Adversary
Blockchain analysts, including Arkham Intelligence and renowned on-chain investigator ZachXBT, have linked the attack to the Lazarus Group, a North Korean state-affiliated hacking entity. This group has been connected to several high-profile cyberattacks in the crypto space, including the $600 million Ronin network breach.
Meir Dolev, co-founder and chief technical officer at Cyvers, revealed that the hack bore striking similarities to other recent incidents, such as the $230 million WazirX hack and the $58 million Radiant Capital breach. According to Dolev, the attackers exploited a deceptive transaction, tricking the signers of Bybit’s Ethereum multisig cold wallet into approving a malicious smart contract logic change.
> “The attacker managed to manipulate the multisig wallet’s signers into approving a malicious logic update, giving them full control over the cold wallet’s contents. The funds were then swiftly transferred to an unknown address,” Dolev explained.
Lessons for the Industry
While Bybit’s internal systems remained unaffected—thanks to robust security measures and quick incident containment—the breach highlights ongoing vulnerabilities in the crypto ecosystem. Even centralized exchanges with advanced safeguards are not immune to sophisticated cyberattacks.
Over the past year, North Korean cyber operatives have been linked to several crypto heists, including the $305 million DMM Bitcoin hack, a $50 million breach at Upbit, and the $16 million Rain Management hack. A joint statement from the United States, Japan, and South Korea noted that funds generated from these attacks were allegedly funneled into North Korea’s nuclear weapons program.
Looking Ahead: Bybit’s Road to Recovery
Despite the scale of the breach, Bybit’s handling of the crisis has been widely praised. Its ability to maintain user fund security, process a massive volume of withdrawal requests, and secure emergency liquidity support reflects both operational strength and community trust.
Industry experts believe that Bybit’s recovery path will hinge on two key factors: restoring user confidence and reinforcing its security architecture. CEO Ben Zhou emphasized that the exchange is already working on enhancing its security protocols and collaborating with blockchain security firms to trace and recover stolen assets.
> “Our focus now is twofold: ensuring that no user is impacted and doubling down on our security systems to prevent future incidents,” Zhou stated.
While the attack represents a significant setback for the broader crypto sector, Bybit’s robust response serves as a case study in crisis management within the industry. The event has also reignited discussions around the need for industry-wide security standards and cross-platform collaboration to counter increasingly sophisticated threats.
Source: https://cointelegraph.com/news/lazarus-group-consolidates-bybit-phemex-hacker-wallet
