TLDR
- A $1.4B hack on Bybit led to the theft of 401,000 ETH from its cold wallet system
- The exchange acquired 254,830 ETH ($700M) within 48 hours through strategic partnerships
- Industry collaboration has frozen $43M of stolen funds with assistance from major platforms
- A 10% bounty program launched for recovery of remaining stolen assets
- The hacker still controls 91.7% of stolen funds, worth about $1.29B
A major cryptocurrency exchange hack has resulted in the theft of $1.4 billion worth of Ethereum from Bybit’s cold wallet system. The breach, which occurred through a sophisticated manipulation of contract logic using a masked URL trick, has triggered an immediate response from both the exchange and the broader crypto community.
In the aftermath of the security incident, Bybit has moved quickly to stabilize its platform by acquiring 254,830 ETH, valued at approximately $700 million. The exchange completed this substantial acquisition within just 48 hours of detecting the breach, working through various channels to secure the necessary funds.
Blockchain data analysis firm Lookonchain has tracked the exchange’s recovery efforts, revealing that Bybit purchased 266,700 ETH worth $742 million through two separate wallets. The first wallet, identified by the address “0x2E45…1b77,” began its operations on February 22 at 4:44 PM UTC, focusing on over-the-counter transactions with established crypto firms.
The recovery operation involved multiple industry partners. Galaxy Digital, FalconX, and Wintermute participated in OTC deals that provided Bybit with 132,178 ETH, worth $367 million. These transactions formed a crucial part of the exchange’s immediate response strategy.
Additional support came through institutional lending channels, with Bybit securing 122,652 ETH ($326 million) from various platforms. The lending group included major players such as Bitget, MEXC, Binance, and DWF Labs, demonstrating the industry’s willingness to support recovery efforts during critical incidents.
A second wallet associated with the recovery efforts, “0xd7CF…A995,” handled $304 million in Ethereum purchases. These transactions were executed across both centralized and decentralized exchanges, showing Bybit’s multi-faceted approach to rebuilding its ETH reserves.
The Recovery Unfolds
The hacker behind the breach has maintained control over a substantial portion of the stolen assets. Currently, 458,451 ETH ($1.29 billion) remains in addresses linked to the attacker, representing 91.7% of the total theft. The perpetrator has begun moving some funds, converting 40,944 ETH ($115 million) into Bitcoin and other cryptocurrencies through various platforms including Chainflip, THORChain, and LiFi.
Ben Zhou, Bybit’s CEO and co-founder, has addressed the situation publicly, confirming that the exchange has restored its ETH reserves. Zhou announced that an updated Proof of Reserves report will be released to verify the full restoration of the exchange’s 1:1 client asset backing through merkle tree verification.
The crypto industry has mounted a coordinated response to limit the hacker’s ability to move stolen funds. Within 24 hours of the breach, collaborative efforts succeeded in freezing $42.89 million of the stolen assets. This initiative has involved multiple platforms including Tether, THORChain, Avalanche, CoinEx, Bitget, and Circle.
To encourage the return of remaining stolen funds, Bybit has established a Recovery Bounty Program. The program promises a 10% reward for any recovered assets, potentially offering up to $140 million in bounties if all stolen funds are retrieved.
Data from Lookonchain indicates that Bybit has received approximately 446,870 ETH ($1.23 billion) through a combination of whale deposits, institutional loans, and direct ETH purchases since the incident began. These inflows have helped maintain the exchange’s operational stability.
The security breach occurred when attackers exploited Bybit’s multisig cold wallet system through a sophisticated method involving masked URLs. This technique allowed the perpetrators to manipulate the contract logic controlling the wallet’s security protocols.
Technical analysis of the hack has revealed the complexity of the attack vector, highlighting the evolving challenges faced by cryptocurrency exchanges in securing digital assets. The incident ranks among the largest exchange hacks in cryptocurrency history.
Despite the scale of the theft, Bybit has maintained regular operations throughout the recovery period. The exchange continues to process user transactions while working to strengthen its security infrastructure against future threats.
Industry observers are closely monitoring blockchain movements associated with the stolen funds. The high-profile nature of the theft has resulted in increased scrutiny of suspicious transactions across major trading platforms.
As of February 24, 2025, efforts continue to track and recover the remaining stolen assets. The investigation remains active, with blockchain analysis firms and security experts collaborating to identify additional opportunities to freeze or recover the stolen cryptocurrency.
Stay Ahead of the Market with Benzinga Pro!
Want to trade like a pro? Benzinga Pro gives you the edge you need in today's fast-paced markets. Get real-time news, exclusive insights, and powerful tools trusted by professional traders:
- Breaking market-moving stories before they hit mainstream media
- Live audio squawk for hands-free market updates
- Advanced stock scanner to spot promising trades
- Expert trade ideas and on-demand support
