Last week, hackers stole approximately $1.4 billion in Ethereum from the crypto exchange Bybit, in what is believed to be the largest crypto heist in history. In response, Bybit has announced a bounty program offering a total of $140 million to individuals who can assist in tracing and freezing the stolen funds.
Ben Zhou, the CEO and co-founder of Bybit, made the announcement regarding the bounty in a post on X (formerly Twitter) on Tuesday. The bounty program is designed to incentivize the crypto community to help recover the stolen assets. According to the details provided on Bybit’s official bounty site, for every instance where someone successfully traces and freezes a portion of the stolen funds, 5% of that amount will be awarded to the individual who identified the funds, while another 5% will go to the entity that executed the freeze.
As of the latest updates, Bybit has already distributed $4.23 million in bounties, thanks to five bounty hunters who have contributed to the recovery efforts. The bounty site features a striking logo depicting a knife appearing to stab through the head of North Korean leader Kim Jong-un, underscoring the seriousness of the situation. Zhou expressed a firm commitment to pursuing the perpetrators, stating, “We will not stop until Lazarus or bad actors in the industry are eliminated. In the future, we will open it up to other victims of Lazarus as well.” The term “Lazarus Group” refers to a collective of hackers believed to be backed by the North Korean government, which has been linked to numerous cryptocurrency thefts.
Multiple security researchers and firms specializing in crypto security have indicated that the hackers involved in the Bybit heist are likely affiliated with the North Korean regime. Over the years, this group has become adept at targeting cryptocurrency exchanges and Web3 companies. According to assessments from the governments of the United States, Japan, and South Korea, it stole $650 million in crypto in 2024 alone.
On Wednesday, Zhou provided preliminary findings from the forensic investigation into the hack, which was conducted by two cybersecurity firms, Sygnia Labs and Verichains. Sygnia identified the “root cause” of the attack as malicious code originating from the infrastructure of SafeWallet, a crypto wallet platform. Verichains further revealed that a benign JavaScript file had been replaced with a malicious version specifically targeting Bybit’s Ethereum Multisig Cold Wallet. Both investigative firms concluded that the hackers had breached a developer’s device at SafeWallet, a claim that the company itself has confirmed.
This incident highlights the ongoing vulnerabilities within the cryptocurrency sector and the persistent threat posed by sophisticated hacking groups, particularly those linked to state-sponsored actors. Bybit’s proactive approach in offering bounties reflects the urgent need for collaboration within the crypto community to combat such threats and recover stolen assets.