Crypto exchange Bybit has successfully replenished its reserves after suffering a record-breaking $1.5 billion hack last week. The company secured emergency funding and large deposits to stabilize its financial position, ensuring that customer withdrawals remained open.
Swift Response to the Hack
Within 72 hours of the breach, Bybit managed to secure nearly 447,000 ether tokens through emergency loans from firms such as Galaxy Digital, FalconX, and Wintermute. A proof of reserves audit, conducted by cybersecurity firm Hacken, confirmed that Bybit had fully restored its reserves, ensuring a 100% collateralization ratio for major assets, including Bitcoin, Ether, Solana, Tether, and USDC.
How the Hack Happened
The attack occurred during a routine internal transfer when Bybit was moving funds from its offline “cold wallet” to a “warm wallet” for active trading. Hackers exploited security vulnerabilities in the process, intercepting the transaction and redirecting the funds to an unknown address.
Bybit CEO Ben Zhou reassured users via a post on social media platform X, stating that the exchange remained solvent, client assets were fully backed, and withdrawals were unaffected.
Tracing the Stolen Funds
Blockchain analytics firm Elliptic has linked the attack to North Korea’s Lazarus Group, a notorious cybercriminal organization. According to Elliptic, the stolen funds were initially dispersed across 50 different wallets, each holding about 10,000 ether tokens, as part of an effort to launder the assets.
As of February 24, approximately $195 million—roughly 14.5% of the stolen funds—has already been transferred.
Challenges in Recovering the Assets
Bybit has offered a 10% bounty for the return of the stolen funds. However, given the Lazarus Group’s history of laundering crypto to evade international sanctions, the chances of recovery appear slim.
The group has been responsible for several high-profile crypto heists, including the $600 million Axie Infinity hack in 2022, of which only $30 million was recovered. Reports suggest stolen crypto is often used to fund North Korea’s nuclear program.
Meanwhile, Ether, the primary token involved in the attack, has dropped about 5% over the past day as the market reacts to the breach.
While Bybit has effectively restored its reserves, the incident underscores the ongoing security challenges in the crypto industry, raising concerns about vulnerabilities in asset transfers and the increasing threat of cyberattacks.