Bybit has successfully recovered from a massive hack that saw $1.4 billion in losses, with the exchange now fully closing the “ether gap” and returning to a 1:1 backing of client assets.

Recovery Efforts

In the past two days, Bybit has received 446,870 ether (ETH), worth $1.23 billion at current prices, through loans, large deposits, and ether purchases, according to on-chain tracking service Lookonchain.

Breakdown of Recovery Efforts

Address activity suggests that over $400 million were purchased through over-the-counter trading, with another $300 million brought directly from exchanges. Nearly $300 million were sought as loans, and the rest are from addresses apparently belonging to crypto funds.

Market Reaction

ETH prices rose up to 4% over the weekend amid the apparent buying activity, but are down 2% in the past 24 hours as sentiment isn’t fully lifted.

Bybit’s Statement

Bybit announced late Sunday that all deposit and withdrawal activity had “fully recovered to normal levels — with total deposits ‘slightly exceeding’ withdrawals as of Saturday in a sign of market confidence.”

Background on the Hack

The hack targeted one of Bybit’s offline “cold” wallets, which are typically considered secure due to their lack of internet connectivity, in a heist that allowed $1.4 billion in ETH to be withdrawn.

Hackers gained control by exploiting a sophisticated method involving a manipulated user interface (UI) and URL. This allowed the attackers to alter the smart contract logic, redirecting the funds to an unidentified address. The stolen assets were then split across multiple wallets and swapped on decentralized exchanges.

Link to North Korea’s Lazarus Group

Blockchain sleuth ZachXBT linked the hack to North Korea’s Lazarus Group, a state-sponsored hacking collective notorious for crypto thefts. Lazarus was behind several high-profile crypto attacks, including the $600 million Ronin Network hack in 2022 and a $230 million drain on Indian exchange WazirX in 2024.

Conclusion

Bybit’s recovery from the massive hack is a testament to the exchange’s resilience and commitment to regaining the trust of its clients. The exchange’s swift response to the attack and its efforts to restore 1:1 backing of client assets demonstrate its dedication to maintaining the integrity and security of its platform.

FAQs

• What happened during the hack? Hackers exploited a sophisticated method involving a manipulated user interface (UI) and URL, allowing them to alter the smart contract logic and redirect funds to an unidentified address.
• How much was stolen during the hack? $1.4 billion in ETH was stolen during the hack.
• How did Bybit respond to the hack? Bybit quickly responded to the hack, working to recover the stolen funds and restore 1:1 backing of client assets.
• Who is behind the hack? Blockchain sleuth ZachXBT linked the hack to North Korea’s Lazarus Group, a state-sponsored hacking collective notorious for crypto thefts.