Bybit, the cryptocurrency exchange that was hacked last Friday, withstood outflows exceeding $6.1 billion over the weekend. The exchange’s CEO has since announced that the platform has replaced the $1.5 billion worth of Ether that was stolen during the attack.
According to data from DeFiLlama, Bybit held approximately $16.9 billion in customer assets prior to the hack, but this figure plummeted to around $10.8 billion as of the latest reports. The withdrawal pressure was exacerbated by hackers draining nearly 70% of the exchange’s clients’ Ether during the incident.
In response to the crisis, Bybit’s CEO, Ben Zhou, took to X (formerly Twitter) to reassure users, stating that the exchange “has already fully closed the ETH gap.” He emphasized that Bybit is now back to a 100% 1:1 ratio on client assets, verified through a Merkle tree structure. Zhou also indicated that the exchange would soon release an audited proof-of-reserves report to further bolster confidence among its users.
Zhou’s announcement followed an estimate from blockchain analytics firm Lookonchain, which revealed that Bybit had received 446,870 Ether, valued at approximately $1.23 billion, from various sources including loans, whale deposits, and purchases. Out of this total, the hacked exchange acquired 157,660 Ether, worth around $437.8 million, from crypto investment firms such as Galaxy Digital, FalconX, and Wintermute through over-the-counter transactions. Additionally, Bybit purchased another $304 million worth of Ether from both centralized and decentralized exchanges.
The attack on Bybit has been characterized as the largest heist in the history of cryptocurrency exchanges. On-chain analysts have linked the breach to North Korea’s Lazarus Group, known for its cybercriminal activities. In response, Bybit has launched a bounty program offering $140 million for information related to the intrusion.
While the exchange has not publicly disclosed the specific vulnerability that led to the breach, CEO Ben Zhou mentioned, “We know the cause is definitely around the Safe cold wallet. Whether it’s a problem with our laptops or on Safe’s side, we don’t know.” Safe is a decentralized custody protocol that provides smart contract wallets for managing digital assets. Some exchanges have integrated Safe to allow users to maintain control of their funds while utilizing multi-signature functionality to enhance the security of their cold wallets.
In the aftermath of the Bybit attack, Safe temporarily suspended its smart wallet functionalities, which raised concerns at the hacked exchange about the increasing volume of withdrawal requests. Bybit coordinated with Safe and other platforms to establish a streamlined process for honoring these requests, so that users could access their funds during the crisis.