TLDR
- Astonishingly, Bybit recouped almost all of the Ethereum lost during the $1.4 billion hack by acquiring 254,830 ETH through various strategies within a 48-hour window.
- The Ethereum was acquired through business deals made with Galaxy Digital, FalconX, and Wintermute, along with loans from Bitget, MEXC, Binance, and DWF Labs.
- The hacker retains control of 458,451 ETH, equating to approximately $1.29 billion, after moving 40,944 ETH, about $115 million, to Bitcoin and other cryptocurrencies.
- In a consolidated industry effort, $43 million in stolen funds were frozen in just two days.
- Bybit has rolled out a Recovery Bounty Program, promising a 10% reward for any recovered assets, potentially up to $140 million.
In a proactive move after one of the most monumental hacks in cryptocurrency exchange history, Bybit has reclaimed close to $700 million in Ethereum mere days after the security breach. This was accomplished through OTC deals and institutional loans, highlighting the agility of the crypto world in tackling security issues.
The recovery endeavor took off promptly when Bybit’s multisig cold wallet was breached through a clever URL masking trick, resulting in over 401,000 ETH, worth approximately $1.4 billion, being siphoned off. Blockchain analytics firm Lookonchain reports Bybit purchased 266,700 ETH, valued at $742 million, over two days to counter the deficit.
It seems that #Bybit has bought 266,694 $ETH ($742M) after being hacked.
0x2E45…1b77(related to #Bybit ) bought 157,660 $ETH $437.82 million from Galaxy Digital, FalconX, and Wintermute through over-the-counter channels.
0xd7CF…A995(likely related to #Bybit ) bought 109,033 $ETH ($304.12M) from DEXs and CEXs.… pic.twitter.com/8FfGZo18OU
— Lookonchain (@lookonchain) February 24, 2025
Data reveals that Bybit’s multi-faceted redemption plan involved acquiring 132,178 ETH, valued at $367 million, via OTC deals with prominent crypto firms, namely Galaxy Digital, FalconX, and Wintermute, initiated through a wallet under the code name “0x2E45…1b77,” the debut transaction being recorded on February 22 at 4:44 PM UTC.
Moreover, institutional loans were another funding source, with Bybit procuring 122,652 ETH, worth an estimated $326 million, from various exchanges and institutions. These backers included Bitget, MEXC, Binance, and DWF Labs, showcasing collective industry resolve for recovery.
A second wallet, “0xd7CF…A995,” $304 million worth of Ethereum was acquired through transactions on both centralized and decentralized platforms. While not officially tied to Bybit, firms like Lookonchain and Arkham Intelligence have tracked transaction patterns linking them back to Bybit.
Ben Zhou, Bybit's CEO and co-founder, confirmed that normal operations resumed. “Bybit has fully bridged the Ethereum gap,” Zhou stated, revealing that an upcoming audited Proof of Reserves (POR) report will verify the exchange’s restored 1:1 asset coverage via merkle tree validation.
Latest Update: Bybit has effectively closed the Ethereum deficit; an audited Proof of Reserves report will be released soon to showcase that Bybit has returned to 100% client asset backing through merkle tree proofing—stay informed. https://t.co/QLa1vOujM6
— Ben Zhou (@benbybit) February 24, 2025
The Recovery Unfolds
The perpetrator behind the breach has started moving the pilfered funds through several wallets. Out of the total stolen, 40,944 ETH (valued at $115 million) has been converted into Bitcoin and other forms via platforms such as Chainflip, THORChain, LiFi, DLN, and eXch. Despite this, a majority of the stolen ETH—458,451, worth $1.29 billion—remains unmoved.
To combat this ongoing threat, a coordinated effort among top blockchain organizations led to the freezing of $42.89 million in stolen funds in just 24 hours. Collaborators like Tether, THORChain, Avalanche, CoinEx, Bitget, and Circle helped to identify and block flagged addresses, constraining the hacker’s laundering pursuits.
Thanks to joint operations, $42.89 million was quickly frozen in just one day, thanks to the swift action by the following teams. @Tether_to : Flagged address and froze 181K USDT @THORChain : Blocked the blacklist @ChangeNOW_io : Froze 34 ETH @FixedFloat : Froze 120K USDC + USDT…
— Bybit (@Bybit_Official) February 23, 2025
To encourage the recovery of still missing funds, Bybit inaugurated a Recovery Bounty Program, which offers a 10% return on any recovered assets. This could result in rewards reaching $140 million upon the return of all lost assets.
Data from Lookonchain shows that Bybit has amassed approximately 446,870 ETH, equitating to about $1.23 billion, from whale deposits, loan agreements, and strategic ETH purchases consecutively since the heist. This inflow has been vital in normalizing the exchange's operations and ensuring seamless client servicing.
The breach was executed through a sophisticated ploy involving a disguised URL trick that compromised the exchange’s multisig cold wallet. This ranks among the most significant breaches in cryptocurrency exchange annals, underscoring the ongoing difficulties digital asset platforms face in safeguarding user assets.
Despite the scale of the breach, Bybit has managed to maintain its financial footing throughout the episode. Ben Zhou, the CEO, reassured users that their funds are secure while emphasizing Bybit's relentless commitment to asset protection.
The recovery mission persists as industry players unite in efforts to trace and freeze further misplaced funds. This collaboration between leading crypto platforms underscores the sector's ability to respond cohesively to security challenges.
By February 24, 2025, Bybit’s recovery initiatives are still active, as the exchange continues to partner with industry allies to uncover and reclaim any remaining stolen assets via its bounty program and ongoing monitoring of blockchain transactions.
