TLDR
- Bybit exchange lost $1.4 billion in crypto assets to hackers on February 21, 2025
- North Korean Lazarus Group identified as the likely culprits behind the theft
- CEO Ben Zhou announced a bounty program with rewards up to 10% of recovered funds
- Bybit claims to have already restored the stolen assets to maintain user confidence
- This hack exceeds all previous crypto thefts, dwarfing the $600M Ronin Bridge hack
A massive security breach at Bybit cryptocurrency exchange resulted in the theft of $1.4 billion worth of digital assets on February 21, marking what experts are calling the largest cryptocurrency hack in history. The incident has set off a chain reaction of recovery efforts led by the exchange’s top executives.
The stolen assets included liquid-staked Ether (stETH), Mantle Staked ETH (mETH), and various ERC-20 tokens. Security researcher ZachXBT was among the first to identify the breach, linking it to the infamous Lazarus Group, a hacking collective with ties to North Korea.
Bybit CEO Ben Zhou responded forcefully on February 25 through a post on the social platform X. “We have assigned a team to dedicate to maintain and update this website, we will not stop until Lazarus or bad actors in the industry is eliminated,” wrote Zhou, announcing what he termed a “war against Lazarus.”
At the heart of Bybit’s counter-offensive is a new bounty program that offers substantial rewards for help in recovering the stolen cryptocurrency. The initiative promises a 5% reward for those who assist in freezing illegally moved funds, with certain cases qualifying for bounties of up to 10%.
With $1.4 billion in stolen assets, these bounty rewards could reach as high as $140 million. This creates what many industry observers describe as one of the most lucrative recovery incentives ever offered in the cryptocurrency sector, potentially attracting top talent in blockchain forensics and security.
The Digital Heist and Recovery Plan
The February attack stands in a class of its own when compared to previous cryptocurrency thefts. The 2022 Ronin Bridge hack, previously considered among the largest in the industry, resulted in losses of roughly $600 million – less than half of what was taken from Bybit.
Bybit moved swiftly to address customer concerns in the wake of the hack. On February 23, just 48 hours after the attack, the exchange announced it had fully replaced all stolen assets from its own reserves. In their statement, the company assured users that Bybit was “back to 100% 1:1 on client assets,” suggesting that all customer funds were once again fully backed.
The approach taken by Zhou and Bybit’s management team represents a departure from how some exchanges have handled major breaches in the past. While many cryptocurrency platforms have offered direct bounties to hackers themselves to return funds and avoid prosecution, Bybit is taking a more confrontational stance by directly targeting the Lazarus Group.
Security experts have mixed opinions about this strategy. Some praise the bold approach as a way to deter future attacks, while others caution that publicly challenging a state-sponsored hacking group could make the exchange a target for additional attacks in the future.
Blockchain security company PeckShield released data showing hackers and scammers stole over $3 billion through crypto-related activities in 2024, with phishing attacks proving to be the most lucrative method. However, their research also indicated that the overall frequency of hacks and scams has been decreasing since 2022, with fewer incidents reported toward the end of 2024.
In the technical community, the Bybit hack has sparked debate about underlying vulnerabilities in blockchain systems. Notable Bitcoin advocate Adam Back criticized what he described as “EVM mis-design” (referring to the Ethereum Virtual Machine) as a root cause of the Bybit security failure, highlighting tensions between different blockchain communities over security approaches.
Bybit has said it plans to eventually expand its bounty program to help other victims of Lazarus Group attacks, positioning its initiative as part of a broader industry defense against North Korean hacking operations.
For Bybit, founded in 2018 and now among the top cryptocurrency exchanges globally, the hack creates both technical challenges and questions about user trust. The company’s quick replacement of stolen funds appears designed to maintain confidence in its platform despite the unprecedented scale of the theft.
Blockchain tracking experts continue monitoring wallet addresses associated with the stolen funds. Initial tracking suggests the hackers began moving and attempting to launder the stolen cryptocurrency shortly after the theft, employing various techniques to hide the flow of funds across different platforms.
The attack comes as regulatory authorities worldwide increase scrutiny of cryptocurrency exchanges and their security practices. Many financial regulators point to incidents like the Bybit hack as justification for stricter oversight of digital asset platforms.
Forensic blockchain investigators note that tracing the stolen assets will likely be a months-long process, with funds potentially moving through dozens of wallets, exchanges, and mixing services designed to obscure their origin.
Zhou’s bounty program is being closely watched by the crypto industry as a potential new model for responding to large-scale hacks. If successful, it could establish a precedent for how exchanges handle future security breaches in what continues to be a high-risk environment for digital asset custodians.
The Bybit hack on February 21 was quickly followed by CEO Ben Zhou’s February 25 declaration of “war against Lazarus” and launch of a bounty program offering up to $140 million in rewards to anyone helping recover the $1.4 billion in stolen cryptocurrency.