Bybit CEO Ben Zhou has confirmed that the $1.5 billion security breach on the exchange resulted in the loss of 70% of its Ethereum (ETH) holdings. Despite the massive loss, customer funds remain covered, and the exchange has secured an emergency bridge loan to manage liquidity.
How Did the Bybit Hack Happen?
The attack, which was first flagged by on-chain analyst ZachXBT, involved over 400,000 ETH being drained from Bybit’s cold wallet before being quickly swapped into staked mETH and stETH tokens.
According to Cyvers security experts, the hackers manipulated Bybit’s cold wallet key signers into authorizing a malicious transaction, which appeared legitimate at the time. Jack Sanford, CEO of Sherlock DeFi, suggested that the hackers altered the multisig wallet’s smart contract rules, allowing them full control.
While it’s still unclear how the signers were tricked, Sanford noted possibilities such as a compromised UI or malware-infected computers used by the signers.
North Korean Lazarus Group Identified as Culprit
According to Arkham Intelligence, the notorious Lazarus Group from North Korea was responsible for the Bybit hack.
ZachXBT provided on-chain proof connecting the Bybit hack to the recent Phemex breach, further implicating Lazarus, a group infamous for targeting major crypto exchanges.
Can Bybit Cover the Loss?
Despite the severe loss, Bybit CEO Ben Zhou reassured customers that all funds are 1:1 backed, confirming that no user assets were affected.
Zhou also revealed that the exchange had already secured 80% of the lost Ethereum through a bridge loan to stabilize liquidity and process massive withdrawals.
While Binance co-founder Changpeng Zhao (CZ) advised Bybit to temporarily pause withdrawals as a safety measure, Zhou has resisted the idea for now.
Meanwhile, BitMEX co-founder Arthur Hayes jokingly called on Ethereum co-founder Vitalik Buterin to “roll back the chain”, referencing the Ethereum DAO hack rollback from a decade ago.
What’s Next for Bybit?
With liquidity concerns rising, Bybit is actively working with partners to stabilize its reserves. The hack underscores the importance of cold wallet security and raises concerns over exchange vulnerabilities.
While Bybit claims it can fully cover losses, traders remain cautious, closely watching the exchange’s next moves in the aftermath of this historic security breach.
