Bybit Quest to Reclaim $1.3B: Chasing Hack Funds and ETH Rollback
Bybit CEO Ben Zhou has vowed to pursue every recovery option after a cyberattack linked to the Lazarus Group siphoned over $1.4 billion from the exchange.
After a hacker seized an Ethereum cold wallet February 21, Zhou outlined the exchange’s response during an X Spaces session the next day. He explained that their plan involves launching a bounty program, partnering with law enforcement, and consulting with the Ethereum Foundation to find a solution.
On-chain security expert ZachXBT revealed that Bybit incurred losses amounting to millions in liquid-staked Ether, Mantle Staked ETH (mETH), and other ERC-20 tokens amid the breach. He further advised users to block any addresses tied to the incident.
Zhou later acknowledged the breach, and offered additional details about the security incident. He further explained that although the transaction appeared ordinary, it was embedded with malicious code engineered to manipulate the wallet’s smart contract and divert funds.
Bybit ETH multisig cold wallet just made a transfer to our warm wallet about 1 hr ago. It appears that this specific transaction was musked, all the signers saw the musked UI which showed the correct address and the URL was from @safe . However the signing message was to change…
— Ben Zhou (@benbybit) February 21, 2025The Bybit CEO raised the idea of reversing the hack’s effects by rolling back the Ethereum blockchain. “I’m not sure if it’s one man’s decision,” Zhou said, stressing that any rollback would require robust community involvement.
Lazarus Group Linked to Hack
According to ZachXBT’s evaluation, North Korea’s Lazarus Group is believed to have orchestrated the massive hack. This finding was independently confirmed by Arkham Intelligence, a leading blockchain analysis firm that tracks illicit transactions, which launched a bounty campaign to trace those responsible.
BREAKING: BYBIT $1 BILLION HACK BOUNTY SOLVED BY ZACHXBT
At 19:09 UTC today, @zachxbt submitted definitive proof that this attack on Bybit was performed by the LAZARUS GROUP.
His submission included a detailed analysis of test transactions and connected wallets used ahead of… https://t.co/O43qD2CM2U pic.twitter.com/jtQPtXl0C5
“His submission included a detailed analysis of test transactions and connected wallets used ahead of the exploit, as well as multiple forensics graphs and timing analyses,” Arkham Intelligence wrote.
In a thread on X, ZachXBT unveiled his analysis, saying that he swiftly tracked the stolen assets using on-chain data before passing his findings on to Arkham Intelligence.
The $1.4 billion breach has become the largest crypto exchange hack on record, rattling the industry and sparking immediate reactions from key players and major platforms.
Justin Sun, the TRON blockchain founder, announced on X that his network is teaming up with Bybit to help trace the misappropriated funds.
We have been monitoring the Bybit incident very closely and will do our best to assist our partners in tracking the relevant funds, providing all the support within our capabilities.
— H.E. Justin Sun
Read More
Michaela has no crypto positions and does not hold any crypto assets. This article is provided for informational purposes only and should not be construed as financial advice. The Shib Magazine and The Shib Daily are the official media and publications of the Shiba Inu cryptocurrency project. Readers are encouraged to conduct their own research and consult with a qualified financial adviser before making any investment decisions.
