Withdrawals Restored: Bybit System Operational Post-Hack

cryptobriefing.com
February 22, 2025 by Jhon E. Bermúdez

Key Takeaways

  • Bybit has now fully restored its withdrawal system following a major hack.
  • Expect a detailed incident report and info on new security measures from the exchange soon.

Great news for Bybit users! Following some disruptions caused by a major hack targeting their Ethereum cold wallet, the exchange has fully restored its withdrawal system. According to CEO Ben Zhou, Bybit is now processing all withdrawal requests smoothly, without any of the previous delays or limits.

In a Friday night update on X, Zhou shared: “Just 12 hours after facing what might be the worst hack in crypto history, I’m thrilled to announce ALL withdrawals have been processed. Our system is back to its usual speed, enabling you to withdraw any amount without delays. We appreciate your patience and sincerely apologize for the inconvenience.”

Looking ahead, Bybit plans to release a detailed report on the incident, outlining what happened and the new security measures they’ll be implementing. Zhou has committed to keeping the community informed as more information becomes available.

Zhou also expressed gratitude: “A huge thank you to our clients, friends, and partners who offered help and support during these incredibly tough 12 hours,” he added. “Now, the real work of enhancing our security begins.”

Over $1.4 Billion in ETH Affected

The alarm bells first rang on February 21st when blockchain analyst ZachXBT spotted some unusual crypto transfers coming from Bybit. Initial investigations suggested a massive unauthorized withdrawal, including around 400,000 ETH, 90,000 stETH, 15,000 cmETH, and 8,000 mETH. The estimated total loss? A staggering $1.4 billion.

These funds were traced to an address starting with ‘0x4766.’ The perpetrator then quickly moved to convert the stETH and cmETH into ETH using decentralized exchanges (DEXs).

Interestingly, on-chain data also revealed a smaller transaction of 90 USDT by the same actor, which now appears to have been a test run before the main theft.

Bybit quickly acknowledged the security breach following its discovery. CEO Zhou confirmed in an X post that an ETH multisig cold wallet was indeed compromised, and reassured users that the exchange's other cold wallets remained safe.

Zhou explained the sophisticated nature of the attack, highlighting that a legitimate transaction from their ETH cold wallet to a warm wallet, initiated about an hour before the incident, was maliciously manipulated.

The user interface presented to the transaction signers had been falsified, showing the correct destination address and a genuine URL associated with Safe. However, unbeknownst to the signers, the actual signing message linked to the transaction had been secretly altered.

According to Bybit’s CEO, this altered message tricked the ETH cold wallet’s smart contract into granting the attacker unauthorized access and control.

Bybit also released an official statement on X, stating they are working with top-tier blockchain security specialists and industry experts to get to the bottom of the incident and recover the stolen assets.

Just under two hours after the breach, Arkham Intelligence reported that the Bybit hacker had already moved approximately $1.3 billion to a network of 53 different addresses.

“Bybit is Solvent,” Assures Ben Zhou

Despite the immense scale of the losses, CEO Zhou was quick to declare, “Bybit is solvent.”

In fact, a rapid analysis by BitMEX Research, using Bybit’s publicly available reserve data, confirmed that the exchange indeed appeared to have sufficient reserves to meet its user obligations, even after absorbing such a significant theft.

Zhou further addressed community concerns in a live stream on X, stating Bybit had secured a bridge loan equivalent to 80% of the stolen funds from undisclosed partners.

He clarified that Bybit has no intention to buy back the stolen ETH on the open market, which could artificially inflate prices. Instead, Bybit intends to use its reserves to cover any potential losses, ensuring user funds remain protected.

Zhou also pointed out the challenges the hacker would face in liquidating such a large amount of ETH, noting that major trading platforms have limited liquidity and are likely to implement measures to block suspicious transactions.

Crypto World Rallies to Support Bybit

Demonstrating the interconnectedness and supportive nature of the crypto community, numerous industry figures and members have stepped up to offer assistance to Bybit in the wake of this security incident.

Notably, Changpeng ‘CZ’ Zhao, former CEO of Binance, and Justin Sun, founder of Tron, have both publicly indicated their willingness to provide support.

Hackers steal $1.5 billion from exchange Bybit

Exchanges OKX and KuCoin also released statements pledging their support to Bybit during this challenging time.

On-chain data reveals that Binance and Bitget demonstrated their solidarity with Bybit by depositing over 50,000 ETH into Bybit’s cold wallets on Friday afternoon. Furthermore, Arkham announced a bounty of 50,000 ARKM for anyone who can help identify the Bybit hacker.

Bitget CEO Gracy Chen stated, “Our systems have already blacklisted the hacker’s wallets. We are prepared to block any incoming transactions from these illicit addresses to our exchange as soon as they are detected. Our security and research teams are actively monitoring the situation, and if we uncover any significant findings, we’ll share a detailed analysis of this incident and suggest preventative measures for the industry.” Bitget contributed approximately 40,000 ETH to Bybit’s efforts.

Chen further clarified, “These are Bitget’s own funds, sent purely as a gesture of goodwill within the crypto community. Rest assured, all of Bitget’s users’ funds are securely held on our platform, as you can verify through our Proof of Reserve.”

Adding to the show of support on February 22nd, a crypto whale transferred 20,000 ETH, valued at around $53 million, to Bybit’s cold wallet, as reported by Lookonchain.

Is Lazarus Group Behind the Attack?

Adding another layer of intrigue, Arkham has pointed the finger at North Korea’s notorious Lazarus Group as the likely culprits behind the hack, citing compelling evidence provided by ZachXBT.

The blockchain investigator reportedly submitted “definitive proof” to Arkham, which in turn shared these findings with the Bybit team to aid in their ongoing investigation.

North Korea is likely behind the $1.5bn Bybit hack

According to ZachXBT, his evidence links this Bybit incident to the $70 million Phemex hack from January, which was also attributed to the Lazarus Group.

ZachXBT identifies Lazarus Group as behind Bybit hack

The Latest Developments

Fresh updates from both ZachXBT and Bybit’s CEO reveal that the suspected Bybit attackers, believed to be the Lazarus Group, began moving 5,000 ETH stolen from Bybit to a new address in the early hours of Saturday.

Current reports suggest the group is trying to sanitize the illicit funds using the eXch mixer and exploring bridging options to convert the ETH to Bitcoin via Chainflip. Bybit CEO Ben Zhou has directly appealed to Chainflip, requesting their assistance in preventing further movement of these assets.

Chainflip responded, stating they have taken immediate steps to investigate and address the situation. However, they also emphasized that as a decentralized protocol, their ability to unilaterally block, freeze, or redirect funds is limited.

Latest updates of Bybit hack

Source: cryptobriefing.com