After one of the largest cryptocurrency hacks in history, Bybit has almost completely restored its Ethereum (ETH) reserves.
The attack was linked to North Korea’s Lazarus Group, causing ETH to steal $1.46 billion in ETH and steal Steth from the exchange’s cold wallet. However, Bybit CEO Ben Zhou confirmed that the platform has now ended the ETH deficit with a combination of loans, whale deposits and direct purchases.
According to On-Chain Analytics platform LookChain, BYBIT has acquired 446,870 ETH, worth approximately $1.23 billion, bringing the exchange’s total recharge to nearly 88% of the stolen funds. In addition, BYBIT assured users that a new residence report will be released soon and prove that all customer assets are backed up on a 1:1 basis.
Source: bybitHow does Bybit Hack happen?
The violation was first discovered on February 21, when blockchain investigator Zachxbt reported suspicious outflows from Bybit’s Ethereum cold wallet. The attacker used a “mask” transaction to exploit a vulnerability in the exchange’s multi-determination security system, which changed the smart contract logic while displaying the legitimate recipient address.
As a result, Bybit’s security team unknowingly approved a transaction to hand over control of the funds to the attacker. The stolen assets are then transferred to an unidentified address, partially exchanging ETH, Bitcoin (BTC) and Stablecoins across multiple decentralized exchanges.
Further investigations link the attack to the Lazarus Group, a North Korean cybercrime group targeting cryptocurrency companies. Blockchain intelligence companies also found a chain connection between Bybit Hack and the recent exploitation of Phemex Exchange, suggesting a broader coordinated attack on multiple trading platforms.
After the attack, Lazarus Group moved stolen funds in various DEX and privacy schemes, making it more difficult to recover assets. The stolen ETH is divided into multiple wallets, converted into Bitcoin, and further dispersed through privacy mixers and cross-chain bridges.
Blockchain intelligence company Elliptic has tracked $140 million of stolen funds being converted into Bitcoin. Meanwhile, the cryptocurrency mixer’s AC mixer refused to work with Bybit’s efforts to track funds, complicating further recovery attempts. Nevertheless, Baytbit led a coordinated effort with key industry partners to make $42.89 million of stolen assets.
Source: This week (x)What is the status of BYBIT?
After the hack, Baibaibi faced more than $5.3 billion in withdrawals within one day, which greatly affected the liquidity of the exchange. However, the company has taken quick action to supplement its reserves.
According to Lookonchain, Bybit buys a large number of ETH, Galaxy Digital, Falconx and Wintermute through over-the-counter (OTC) transactions with major crypto investment firms, whale deposits from institutional investors and purchases directly from centralized and decentralized communications. A wallet related to Bybit, identified as “0x2e45…1b77”, purchased 157,660 ETH in an OTC transaction starting February 22. Another wallet “0xd7cf…a995”, “0xd7cf…a995”, obtained 304,000 ETH and 304,000 ETH, further contributing the rated rating effect.
Bybit also received $4 billion in liquidity support from external sources, including $63,168 ETH (approximately $170 million), $3.15 billion, $173 million, $173 million, $525 million in CUSD as well as BINANCE, BITGET, BITGET and MEXC transfer. As a result, Bybit has completely reopened all deposit and withdrawal services.
To recover stolen assets, Bybit launched a recovery bounty program, providing up to 10% of the funding to cybersecurity experts and cybersecurity experts and blockchain analysts who assist in asset retrieval. If the full amount is recovered, this could mean a bounty of up to $140 million.
The program invites ethical hackers, security researchers and forensic analysts to contribute to the investigation. Interested participants can [email protected].
