Bybit has swiftly replenished its reserves after suffering a $1.5 billion hack, marking the largest security breach in the history of the cryptocurrency industry. Within just 72 hours, the exchange managed to recover hundreds of thousands of ether tokens through a combination of emergency loans and substantial deposits. While this rapid response stabilized the platform and kept customer withdrawals operational, the stolen funds remain unaccounted for.
The breach took place during a routine internal transfer, as Bybit was moving assets from a secure offline “cold wallet” — intended for long-term storage — to a more accessible “warm wallet” for active trading. Hackers exploited vulnerabilities during this transfer process, intercepting the transaction and diverting the funds to an unidentified address.
Bybit’s CEO, Ben Zhou, assured users via social media that the platform remains solvent, emphasizing that all client assets continue to be fully backed and that withdrawals remain open. To stabilize its financial position, Bybit secured nearly 447,000 ether tokens through emergency funding from key partners, including Galaxy Digital, FalconX, and Wintermute.
An independent proof of reserves audit conducted by cybersecurity firm Hacken confirmed that Bybit had successfully restored its reserves. The audit verified that all major assets — including bitcoin, ether, solana, tether, and USDC — were backed by over 100% collateralization, ensuring the platform’s financial stability.
However, recovering the stolen crypto assets poses a significant challenge. Blockchain analytics firm Elliptic has traced the attack to North Korea’s notorious Lazarus Group. The stolen funds were initially spread across 50 different wallets, each containing around 10,000 ether tokens, in an apparent effort to obscure their origins and facilitate laundering.
As of February 24, approximately $195 million, or 14.5% of the stolen assets, had already been transferred. Bybit has offered a 10% bounty in hopes of recovering the stolen funds, although historical precedents suggest the likelihood of recovery remains low.
The Lazarus Group has a well-documented history of crypto theft and laundering to bypass international sanctions, reportedly using stolen assets to fund North Korea’s nuclear program. Notably, the group was responsible for the $600 million hack of Axie Infinity in 2022, from which only $30 million was recovered despite international intervention.
Following the attack, ether — the cryptocurrency at the center of the breach — experienced a 5% decline in value over the past day.