Bybit said it replenished its reserves following a $1.5 billion hack last week, the largest in the history of the crypto industry.
In less than 72 hours, Bybit pieced together hundreds of thousands of ether tokens through a mix of emergency loans and large deposits. While the rapid recovery restored the exchange’s balance and kept customer withdrawals open, it didn’t account for the stolen crypto.
The breach occurred during a routine internal transfer, when Bybit was moving funds from its offline “cold wallet,” designed for secure, long-term storage, to a “warm wallet,” which enables active trading. During that transfer, hackers exploited security gaps, intercepting the transaction and redirecting the funds to an unknown address.
Bybit CEO Ben Zhou wrote in a post on X on Sunday that the exchange remained solvent, adding that client assets were still fully backed, and that withdrawals remained open.
The company secured nearly 447,000 ether tokens through emergency funding from firms like Galaxy Digital, FalconX, and Wintermute. A proof of reserves audit conducted by cybersecurity firm Hacken confirmed that Bybit had successfully restored its reserves, verifying that all major assets — including bitcoin, ether, solana, tether, and USDC — exceeded a 100% collateralization ratio.
Recovering the stolen assets remains a challenge.
Blockchain analytics firm Elliptic has identified North Korea’s Lazarus Group as the perpetrators of the attack. The stolen funds were initially dispersed across 50 different wallets, each holding about 10,000 ether tokens, according to Elliptic, as part of an effort to launder the coins.
As of Feb. 24, more than $195 million — roughly 14.5% of the stolen assets — have already been transferred.
Bybit has offered a 10% bounty for the return of the stolen funds, but history suggests the odds of recovery are slim.
The Lazarus Group has a track record of laundering crypto to evade international sanctions, reportedly using stolen assets to fund North Korea’s nuclear program. In 2022, the group stole $600 million from Axie Infinity and, despite law enforcement intervention, only $30 million was recovered.
Ether, the token at the center of this attack, fell by about 5% in the past day.