This past weekend, Bybit confirmed it was the victim of a hack that resulted in more than $1.4bn worth of cryptocurrency being stolen from its exchange.

Blockchain analyst ZachXBT first reported the attack last Friday (21 February) after noting that a user titled The Lazarus Group was performing mass withdrawals, which Bybit soon described as “suspicious outflows”.

Suspicions rose when more than 400,000 ETH ($1.1bn) was sent to a crypto wallet last Friday and then sent on to a cold wallet at unidentified addresses.

Holding crypto in a cold wallet enables users to keep their assets offline as a means to prevent such hacks and thefts. The accused Lazarus Group appears to have used this to their advantage, with Arkham Intelligence confirming them as the attackers. 

ETH, the digital currency targeted in the hack, was then distributed across several cold wallets and liquidated on decentralised exchanges.

As more was revealed, it emerged that the hack had resulted in more than $1.4bn worth of crypto being stolen from the exchange, forcing Bybit to act swiftly to ensure its reserves and collateral were 1:1 backed, even requiring loans to secure its users’ funds.

Despite this, Bybit users began to withdraw money from their wallets at scale upon the news of the hack; its CEO, Ben Zhou, confirmed that withdrawals had stabilised by Sunday (23 February).

Zhou revealed that 70% of all customer ETH was stolen, meaning that Bybit had to secure a loan to be able to process the surging number of withdrawals being requested, with stablecoins, not ETH, being the most withdrawn digital asset.

Bybit reacts, swiftly 

As the second-largest crypto exchange by trading volume, Bybit assured its users that its reserves were guaranteed 1:1 backed and that clients’ assets remained fully intact.

Thirty minutes after learning of the hack, Zhou confirmed news of the attack to Bybit users and said that the exchange would swiftly integrate security protocols to ensure the security of its customers’ assets.

In a bid to quickly calm fears and limit any potential further damage, Bybit temporarily shut down its Safe function – a custody protocol backed by smart contracts to elevate the security of cold wallets – which was later confirmed not to have been compromised.

Bybit’s internal and external task forces confirmed the blockchain addresses traced in the attack. The crypto exchange also announced that it will continually share the updated list of addresses with partnering crypto security firms to prevent any possible further attacks, and will reward successful interceptions with a 10% bounty.

This collaborative approach from both Bybit and the crypto sector was hailed by Zhou, who remained positive about the future of crypto crime defences.

He stated: “I am energised by the incredible camaraderie on-chain and in real life. This can be a transformative moment for our industry if we get it right. Together, we can build a stronger defense system against cyber threats.”

Crypto hacks continue to plague the sector

Whilst Bybit has confirmed that its security platform, HackBounty – designed to connect the entire sector to stamp out hackers – is still under development, crypto hacks such as this past weekend’s are a stark reminder of the prevalent issue.

The suspected Bybit hacker, Lazarus Group, has ties to North Korea and has been linked to many high-profile hacks for the better part of a decade. These include the 2014 cyber attack on Sony Pictures and the distribution of the ransomware WannaCry – which can be accessed for a fee provided in Bitcoin – in 2017.

North Korean hackers have been an ever-present when it comes to crypto hacks. Last year, hackers from the country accounted for half of all crypto hacks ($2.2bn), according to Chainalysis, a 21% increase from 2023 figures.

Chainalysis’ research revealed that 2024 was a record year for crypto hacks in comparison to lower-bound projections, with the potential amount of losses from last year expected to possibly rise.

The record Bybit crypto hack underscores the importance of further developing security protocols to ensure consumer protection and confidence.

What Bybit and the crypto community can hang their hat on is the immediate and collaborative approach taken: informing customers about the hack, taking swift action to mitigate any potential further attacks and addressing the attack head-on.