TLDR
- On February 21, 2025, Bybit's cryptocurrency exchange experienced a hack resulting in a loss of $1.4 billion.
- Ben Zhou, CEO of Bybit, has declared a 'war against Lazarus', a notorious North Korean hacking group believed to be behind the attack.
- Bybit has introduced a bounty program rewarding 5-10% for efforts in retrieving stolen funds.
- The exchange says it has already covered the stolen cryptocurrency assets.
- This incident is the largest cryptocurrency theft to date, surpassing the $600 million Ronin Bridge hack.
On February 21, the Bybit exchange suffered what is reportedly the largest cyber theft in the history of cryptocurrencies, involving over $1.4 billion in digital assets. The breach primarily targeted tokens such as liquid-staked Ether (stETH) and Mantle Staked ETH (mETH), among others, prompting a strong reaction from the executive team.
On February 25, Bybit CEO and co-founder Ben Zhou took to the social platform X to officially announce a 'war against Lazarus,' the infamous North Korean hacking group believed to be responsible. He stated, 'We're fully committed, and our team's task is to continually maintain and update the website until Lazarus or any bad actors in the industry are eradicated.'
Join us on war against Lazarus – https://t.co/6DnaH1WTId
An innovative bounty platform providing complete transparency on the sanctioned activities of Lazarus in money laundering. Initial features include:
– Enabling your journey as a bounty hunter by linking your wallet to assist in tracking the funds, when...
— Ben Zhou (@benbybit) February 25, 2025
Central to Bybit’s strategy is a newly unveiled bounty program aimed at recovering the stolen assets. As detailed on the dedicated bounty site, participants who help freeze unlawfully transferred assets could earn rewards equal to 5% of the recovered cryptocurrency. More effective recovery efforts may earn higher rewards, with the site stating, 'Efficient interceptions will receive a 10% reward.'
Due to the sheer volume of assets involved, the bounties could escalate to a staggering $140 million, serving as a lucrative draw for security specialists and blockchain investigators to engage in the recovery mission. This bounty initiative stands as one of the most extensive ever launched in reaction to a crypto hack.
The theft was initially detected by notable blockchain investigator ZachXBT, who attributed the attack to the Lazarus Group. This hacking collective, allegedly sponsored by North Korea, has been linked to several major crypto heists over the years, with reports claiming they have looted more than $3 billion worth of assets from exchanges between 2017 and 2023.
Despite the enormous theft, Bybit swiftly took action to allay user concerns. Just two days following the breach, on February 23, the exchange announced it had offset all stolen crypto assets using its reserves. 'Bybit is back to providing 100% 1:1 client asset backing,' the company declared in an official statement, which implies user funds are completely secured.
Chasing down the largest crypto heist ever recorded.
The February 21 breach significantly overshadows previous landmark cryptocurrency hacks. For reference, the 2022 Ronin Bridge hack, once deemed one of the largest in crypto history, resulted in comparatively smaller losses of approximately $600 million, which is less than half of Bybit's losses.
Zhou’s assertive approach towards the hackers reflects a shift from how similar incidents have been handled by exchanges in the past. Traditionally, many companies resort to offering bounties as a means to persuade hackers to return stolen assets and avoid legal repercussions. However, Bybit’s CEO has taken a direct approach by declaring an intention to 'dismantle' Lazarus’ operations.
This confrontational approach may also pose risks. Security authorities warn that such bold announcements could potentially make Bybit a target for future attacks, especially from advanced state-sponsored entities like Lazarus who have demonstrated enduring capabilities over the years.
Based on insights from blockchain security firm PeckShield, over $3 billion was stolen by hackers and scammers through various crypto-related activities in 2024, with phishing the costliest attack vector. Nonetheless, PeckShield’s research shows a decline in the overall number of hacks and scams since 2022, with incidents decreasing towards the end of 2024.
The wider crypto industry has taken note of the Bybit breach, with some security professionals emphasizing potential weak points in the Ethereum Virtual Machine (EVM) architecture. Bitcoin proponent Adam Back was among those criticizing what he termed an ‘EVM mis-design’ as a primary cause of the Bybit security compromise.
Bybit has suggested plans to broaden its bounty program to support other victims of Lazarus Group attacks, positing the initiative as part of a larger industry-wide defensive effort against North Korean cyber threats.
The hack coincides with a period where global regulatory bodies are increasingly scrutinizing cryptocurrency security. Numerous financial regulators have pointed to security vulnerabilities and the risk of theft as major justifications for imposing stricter regulations on digital asset platforms and services.
For Bybit, established in 2018 and now one of the world’s largest crypto trading platforms, the hack is a major security challenge and a test of consumer trust. The quick replacement of stolen funds and the rollout of the bounty initiative appear aimed at retaining faith in its platform despite the extraordinary scale of the theft.
Teams specializing in blockchain forensics continue to monitor the movement of the stolen funds across various digital wallets and platforms. Preliminary reports suggest that the hackers began moving and attempting to disguise the stolen cryptocurrency shortly after the breach, employing varied strategies to obscure its trail.
The Bybit breach unfolded on February 21, with CEO Ben Zhou declaring a 'war against Lazarus' four days later, alongside the introduction of a bounty program offering up to 10% rewards to individuals aiding in the recovery of $1.4 billion in stolen crypto.