Bybit Bounces Back: Restores Nearly Half of Ether Reserves After $1.5 Billion Hack

In a stunning display of resilience, Bybit bounced back from a $1.5 billion hack in just two days, thanks to the crypto community’s solidarity. The exchange has restored nearly half of its Ether (ETH) reserves through OTC purchases and emergency transfers, showcasing the industry’s strength in the face of adversity.

• Bybit restores nearly 50% of Ether reserves post-hack
• $295M OTC purchase and emergency transfers key to recovery
• Hack linked to North Korea’s Lazarus Group

On February 21, 2025, Bybit, one of the world’s leading cryptocurrency exchanges, faced a massive hack that saw over 400,000 ETH and stETH (staked Ether) siphoned off from one of its Ethereum cold wallets (offline storage for cryptocurrencies). The loss amounted to more than $1.5 billion, causing Bybit’s reserves to plummet from 439,000 ETH to a mere 61,000 ETH. Imagine losing $1.5 billion overnight—it’s enough to make even the Flash look slow.

However, Bybit’s swift response, coupled with the crypto community’s unwavering support, led to a remarkable recovery. The exchange acquired 106,498 ETH through OTC (over-the-counter) trades, valued at approximately $295 million. But it wasn’t just Bybit’s efforts that made headlines; emergency transfers from other industry players played a crucial role. Binance, the world’s largest exchange, stepped up with 50,000 ETH, while Bitget contributed 40,000 ETH. Additionally, Du Jun, co-founder of HTX Group, provided 10,000 ETH. These contributions, totaling $390 million worth of ETH, showcased the industry’s commitment to supporting one of its own in a time of need.

Despite the chaos, Bybit managed to process over 350,000 withdrawal requests within just 10 hours of the hack, completing an impressive 99.9% of them. This swift action was crucial in maintaining user trust during such a turbulent time. Bybit’s CEO, Ben Zhou, reassured users that the platform was securing a bridge loan to cover losses and promised to make users whole for any coins it could not reclaim.

While the hack caused Bybit’s total asset value to drop by over $5.3 billion, the exchange’s reserves still exceeded its liabilities, as confirmed by its independent proof-of-reserve auditor, Hacken. Hacken’s audit provided a glimmer of hope amidst the crisis:

“Today’s hack was massive—a tough hit for the industry. But here’s the bottom line: Bybit’s reserves still exceed its liabilities. As their independent PoR auditor, we’ve confirmed that user funds remain fully backed.”

The attack, however, was no ordinary hack. Investigations led by blockchain security firm Arkham Intelligence and on-chain investigator ZachXBT linked the breach to the notorious North Korean state-backed Lazarus Group. These cyber thieves from North Korea are a persistent thorn in the crypto world’s side, known for their sophisticated exploits. The Lazarus Group has been behind several high-profile hacks in the crypto space, including those on Phemex and BingX. Meir Dolev, co-founder and CTO of Cyvers, detailed the attack’s methodology, highlighting the deceptive transaction technique used to gain access to Bybit’s cold wallets.

The rapid response from the crypto community, including significant support from exchanges like Binance and Bitget, underscores the interconnectedness and resilience of the industry. On-chain analyst Conor Grogan noted the significance of Bitget’s emergency transfer, which constituted a quarter of all of Bitget’s ETH reserves, and compared Binance’s quick support to its slower response during the FTX collapse in 2022.

This incident serves as a stark reminder of the ongoing security challenges within the cryptocurrency industry. While Bybit’s quick recovery is commendable, it also highlights the need for enhanced protective measures against increasingly sophisticated cyberattacks. The Lazarus Group’s involvement further emphasizes the threat posed by state-backed hacking groups, a risk that all players in the crypto space must be vigilant against.

Despite the dark side of this story, the optimistic outlook remains that the crypto community can rally together in times of crisis. Bybit’s rapid restoration of its reserves and the industry’s support demonstrate the potential for collective action to mitigate the impact of such hacks. Yet, this event also underscores the limitations and risks inherent in the decentralized world of cryptocurrency, where security must be continually fortified.

As we navigate these challenges, it’s crucial to maintain a balanced perspective. While the hack is a setback, it’s also an opportunity to learn, improve, and strengthen the foundations of the crypto ecosystem. The journey towards a decentralized financial future is fraught with obstacles, but with resilience, innovation, and a commitment to security, the industry can continue to disrupt the status quo and drive effective accelerationism.

Key Takeaways and Questions

• What was the impact of the hack on Bybit’s reserves?

  Bybit’s Ether reserves dropped from 439,000 ETH to 61,000 ETH but have since recovered to over 201,600 ETH, restoring nearly half of its reserves.

• How did Bybit manage to restore its reserves?

  Bybit restored its reserves through a combination of OTC purchases totaling 106,498 ETH and emergency transfers from other industry players, including significant contributions from Binance, Bitget, and Du Jun.

• Who was responsible for the hack?

  The hack has been linked to the North Korean state-backed Lazarus Group, known for similar cyberattacks in the past.

• What was the response of the crypto community to the hack?

  The crypto community provided Bybit with $390 million worth of Ether in emergency loans and transfers, demonstrating significant support and solidarity.

• What is the current status of Bybit’s assets?

  Despite the hack, Bybit’s reserves still exceed its liabilities, and its independent proof-of-reserve auditor, Hacken, has confirmed that user funds remain fully backed. However, the exchange’s total asset value dropped by over $5.3 billion in the immediate aftermath of the incident.