It felt like the crypto world was holding its breath for a major shock, and unfortunately, it arrived with the massive $1.4 billion hack of Bybit. But here’s the surprising part: unlike past disasters that nearly brought the whole industry crashing down, this time, it’s been handled remarkably well. This really shows how much more mature the digital asset space has become.

In what many are calling potentially the biggest crypto heist ever, Bybit reportedly lost over $1.4 billion in ETH and stETH in the early hours of Friday. The investigation is still ongoing, but crypto circles are buzzing because prominent on-chain investigator ZachXBT is pointing fingers at North Korea’s Lazarus Group. Apparently, the patterns of this attack look just like their usual methods.

When news of the hack first broke, you could feel the panic spreading through the markets. Bybit users, with the ghost of FTX still fresh in their minds, rushed to pull their funds off the exchange. It was a tense moment, reminiscent of how sudden withdrawals led to FTX’s collapse. Thankfully, the situation calmed down quicker than many expected. The crypto community, despite the initial sensational headlines, really showed its resilience and unity, pulling together in the face of adversity.

mETH protocol Joins Binance and Others in Supporting Bybit

Just shortly after the hack news went public, mETH Protocol, a decentralized platform on Ethereum that lets you stake ETH and get mETH tokens in return, released a detailed rundown of what happened. Their report unveiled that the hackers tried several times to move assets off the platform through multiple transactions.

According to mETH’s report, the hackers managed to swap 8,000 mETH for ETH across three trades on a decentralized exchange, and they also attempted a big withdrawal of 15,000 cmETH directly from mETH Protocol. However, here’s where things took a turn – the protocol’s defenses kicked in, and the hackers couldn’t complete that withdrawal.

Turns out, the hackers would have gotten away with even more if it weren’t for mETH Protocol’s smart security measures. A crucial one was an 8-hour withdrawal delay built right into the system, designed to prevent exactly this kind of immediate, large-scale fund drain.

Adding another layer of defense, the protocol immediately blacklisted the hacker’s address. This action helped reduce the amount of cmETH available on the Mantle Network and allowed them to recover roughly 15,000 cmETH from the hacker’s address, sending it to a safe recovery address. This move essentially secured the integrity of the cmETH supply.

Beyond mETH Protocol, some other big players in the crypto space have stepped up to offer support, including Binance and Tether.

On Friday, Paolo Ardoino, CEO of Tether, announced that his company had frozen $181,000 worth of USDT connected to the stolen Bybit funds, thanks to the quick work of ZachXBT in tracing the funds.

“Might not be much, but it’s honest work,” Ardoino tweeted on X. “We keep monitoring.”

Binance, on their end, decided to provide Bybit with a bridge loan. This crucial step allowed Bybit to continue processing customer withdrawals without any hiccups, ensuring users could still access their funds despite the ongoing crisis. Showing further solidarity, Bitget also offered a substantial loan of 64,452 ETH to Bybit, and MEXC chipped in by transferring 12,652 stETH to Bybit’s cold wallet as a sign of support.

By now, it’s pretty clear that Bybit has managed to ride out the worst of the storm from this attack.

Following the breach, Bybit confirmed that withdrawals were still functioning, though they did warn that some users might see delays due to increased network traffic. Despite this heads-up, Bybit successfully processed a solid 70% of withdrawal requests and are actively working to clear the remaining backlog.

With the immediate crisis averted, the company has now shifted its focus to recovery efforts.

On Saturday, Bybit made a compelling offer: they would give 10% of any recovered funds—up to a massive $140 million—to on-chain security experts who could help them track down and retrieve the stolen assets.

In a statement, Bybit co-founder and CEO Ben Zhou highlighted the incredible show of unity from the crypto community and emphasized that this support wasn’t being taken for granted.

“We’ve all shared a dark moment in crypto history, and we’ve proven that we’re stronger than the malicious actors,” Zhou stated. “We want to officially reward our community members who lent us their expertise, experience, and support through this Recovery Bounty Program, and our commitment to turning this difficult lesson into something valuable definitely doesn’t end here.”

Ben also pointed out that the hackers were moving some of the funds to Chainflip.io as a bridge to convert the ETH into BTC. In a desperate plea for help, he sent out an SOS message to any bridge platforms that had the ability to freeze or recover the stolen funds, saying, “If you are a bridge, please help us to block and prevent further conversion to other chains.”

Which Projects Could Still Help Freeze Assets?

Reports indicate that the bulk of the stolen funds are in native Ethereum, which makes recovery a challenge because it lacks a central point of control for freezing assets. In addition to ETH, around 8,000–15,000 mETH and approximately 181,000 USDT were also stolen.

As Bybit actively pursues justice, many in the crypto space are urging more entities currently watching from the sidelines to get involved and help freeze the hackers’ assets. Several projects are being looked at to potentially take action, including Lido (stETH) and Ethereum itself (ETH).

Lido, as a major liquid staking protocol and the issuer of stETH (Staked ETH), could potentially help by blacklisting stETH addresses. However, this kind of action might only happen if there’s significant pressure from Bybit or regulatory bodies. Furthermore, Lido’s decentralized nature means swift action is less likely unless exchanges or law enforcement really push the effort.

While technically native ETH can’t be frozen by a single entity due to Ethereum’s decentralized structure, a hard fork or rollback is theoretically possible to invalidate the stolen funds. This drastic measure was actually taken once before in 2016 after the DAO hack. However, it would require a broad consensus from miners, nodes, and the entire community. While influential voices like Arthur Hayes have discussed the possibility of an Ethereum rollback given the scale of this hack, there hasn’t been any official indication of this happening, and it’s uncertain if the community would even be willing to consider such a move.

Without overwhelming community support, a rollback is highly unlikely. And while blacklisting at the protocol level for ETH isn’t really feasible, crypto exchanges still have the power to tag and block the hacker’s addresses.

If the hackers make the mistake of swapping the stolen ETH into other ERC-20 tokens like USDC, those projects *do* have the ability to freeze funds, provided their smart contracts allow it. Circle, the company behind USDC, has been known to freeze stolen funds in the past, though typically when significant amounts of USDC itself were directly involved, which isn’t the case here.

Some analysts are predicting that the hackers will eventually try to convert the ETH to ERC-20 tokens before moving it into Bitcoin and ultimately attempt to cash out through fiat currency via Asian exchanges.

Cryptopolitan Academy: Want to Land a Web3 Job? Learn How with our FREE Resume Cheat Sheet!

Source: cryptopolitan.com