Bybit Faces a $4 Billion Exodus Following Major Cyber Attack

The Crypto Landscape Post-Hack

In a shocking turn of events, Bybit, a leading cryptocurrency exchange, has experienced massive outflows exceeding $5.5 billion. This surge in withdrawals follows a significant security breach that resulted in hackers, believed to be linked to North Korea’s notorious Lazarus Group, stealing approximately $1.5 billion from the exchange’s ether cold wallet.

A Drastic Decline in Assets

According to data from DeFiLlama, the total assets held in wallets associated with Bybit plummeted from around $16.9 billion to a mere $11.2 billion. In the aftermath of the hack, the exchange is now working diligently to ascertain the full scope and implications of the breach.

Immediate Response from Bybit Leadership

During an X Spaces session, Bybit’s CEO Ben Zhou shared insights into the exchange’s response. He emphasized the urgency of the situation, stating that he immediately called for a team-wide effort to assist clients with processing withdrawals and addressing their concerns.

Zhou revealed that the breach led to the hackers absconding with roughly 70% of clients’ ether holdings. To manage the withdrawal surge, Bybit found it necessary to secure a loan. Interestingly, Zhou noted that despite the significant ether withdrawals, the majority of users opted to withdraw stablecoins from the platform.

Reserves and Security Measures

Although Bybit had reserves to accommodate these withdrawals, the situation escalated when Safe, a decentralized custody protocol, temporarily disabled its smart wallet functionalities. This decision aimed to restore confidence in the platform’s security, as the protocol allows users to maintain custody of their funds with enhanced security features.

As Zhou explained, $3 billion worth of USDT was held in a Safe wallet that was recently shut down to assess the situation. In a statement, Safe confirmed that there was no evidence of compromise to its official frontend but decided to halt certain functionalities as a precautionary measure.

Withdrawal Requests Surge

As the Bybit team scrambled to stabilize the situation, withdrawal requests began to flood in. Within just two hours of the security breach, the exchange was inundated with withdrawal requests of over $100,000 each. Zhou instructed his security team to collaborate with Safe to devise a more efficient method for facilitating these withdrawals.

In a race against time, the team developed new software based on Etherscan to manually verify transaction signatures, which allowed them to transfer stablecoins back to their wallets and address the rising demand for withdrawals. According to Zhou, the team worked tirelessly overnight to fulfill these requests while managing a staggering bank run that accounted for approximately 50% of all funds on the exchange.

Reassessing Security Protocols

Following the incident, Zhou indicated that Bybit has moved a significant portion of its funds off Safe cold wallets and is actively exploring alternative systems to bolster its security.

Exploring the Possibility of a Blockchain Rollback

In light of the hack, Bybit has engaged with relevant authorities, with Zhou noting that Singaporean officials are treating the matter with utmost seriousness. The situation has also attracted the attention of blockchain analysis firms such as Chainalysis, as Zhou expressed hope that Bybit can track and potentially recover the stolen ether.

Intriguingly, discussions surrounding the potential to “roll back” the Ethereum blockchain have emerged. This contentious suggestion, which has been floated by various industry figures including BitMEX co-founder Arthur Hayes, is under consideration, provided there is community consensus.

Zhou revealed that his team has been in contact with Vitalik Buterin and the Ethereum Foundation to explore possible avenues for recovery. However, he acknowledged the complexity of such a decision, emphasizing that it should reflect the community’s desires.

Understanding the Cause of the Breach

As investigations continue, the exact cause of the hack remains elusive. Zhou stated that Bybit’s laptops have not been compromised, and initial scrutiny of the transaction signers’ movements suggests that they were routine. He concluded, “We know the cause is definitely around the Safe cold wallet. Whether it’s a problem with our laptops or on Safe’s side, we don’t know.”

As Bybit navigates this challenging period, the implications of the hack will undoubtedly reverberate throughout the cryptocurrency industry, prompting exchanges and users alike to reassess their security measures and risk management strategies.
