Bybit has regained half of its Ether reserves following a $1.4 billion cryptocurrency hack that sent shockwaves through the global Web3 industry.
On Feb. 21, Bybit exchange was hacked for over $1.4 billion worth of liquid-staked Ether (STETH), Mantle Staked ETH (mETH) and other ERC-20 tokens, resulting in the largest crypto theft in history.
Within two days of the attack, Bybit’s Ether reserves rebounded to nearly half of pre-hack levels, according to CryptoQuant data.
Ethereum: Exchange Reserve - Bybit, 1-month chart. Source: CryptoQuant
Bybit held more than 201,600 Ether at the time of writing, accounting for 45% of the 439,000 Ether it held before the hack on Feb. 20. Following the breach, Bybit’s ETH reserves had plummeted to just 61,000 ETH on Feb. 21.
Part of the exchange’s growing reserves are attributed to spot buying. Bybit bought 106,498 Ether worth $295 million in over-the-counter (OTC) trades since the exploit occurred, according to crypto intelligence platform Lookonchain.
Source: Lookonchain
Crypto industry leaders and exchanges also rushed to assist Bybit with emergency transfers, including 50,000 Ether from Binance, 40,000 Ether from Bitget and 10,000 Ether from Du Jun, co-founder of HTX Group, among others.
Source: Gracy Chen
Bybit’s recovering exchange reserves and the exchange’s continued user withdrawals are a robust sign of trust for the crypto industry.
Bybit processed more than 350,000 withdrawal requests in the 10 hours after the exploit, according to Bybit co-founder and CEO Ben Zhou.
Related: Lazarus Group consolidates Bybit funds into Phemex hacker wallet
Bybit loaned nearly $400 million since exploit
The crypto industry has provided Bybit with $390 million in emergency liquidity through loans and transfers, including $127 million from Binance-linked whales and $53 million from a single whale wallet, according to Lookonchain.
Source: Lookonchain
Following the hack, the value of Bybit’s total assets fell by over $5.3 billion, including the $1.4 billion lost to the hack, DefiLlama data shows.
Bybit total assets, inflows. Source: DefiLlama
Despite the $5.3 billion drop in Bybit’s total assets following the hack, the exchange’s reserves still exceed its liabilities, according to an independent proof-of-reserve (PoR) audit by Hacken.
“Today’s hack was massive—a tough hit for the industry. But here’s the bottom line: Bybit’s reserves still exceed its liabilities. As their independent PoR auditor, we’ve confirmed that user funds remain fully backed,” Hacken wrote in an X post.
Related: Pig butchering scams stole $5.5B from crypto investors in 2024 — Cyvers
What led to the $1.4 billion Bybit hack?
Blockchain security analysts, including Arkham Intelligence and onchain sleuth ZachXBT, have traced the Bybit attack to the North Korean state-affiliated Lazarus Group — which is also the prime suspect in the $600 million Ronin network hack.
According to Meir Dolev, co-founder and chief technical officer at Cyvers, the attack shares similarities with the $230 million WazirX hack and the $58 million Radiant Capital hack.
Dolev said the Ethereum multisig cold wallet was compromised through a deceptive transaction, tricking signers into unknowingly approving a malicious smart contract logic change.
“It seems that Bybit’s ETH multisig cold wallet was compromised through a deceptive transaction that tricked signers into unknowingly approving a malicious smart contract logic change.”
This allowed the hacker to gain control of the cold wallet and transfer all ETH to an unknown address,” Dolev told Cointelegraph.
Magazine: China’s ‘point running’ crypto scams, pig butchers kidnap kids: Asia Express