Bybit Regains Stability After Major Security Breach
Bybit, one of the leading cryptocurrency exchanges, has successfully addressed the significant financial gap created by a $1.4 billion hack that occurred late last Friday. The platform has restored a 1:1 backing of client assets, effectively closing what has been termed the “ether gap” following the unprecedented cyberattack.
Significant Ether Recovery in Just Two Days
In a remarkable turnaround, Bybit has acquired a total of 446,870 ether (ETH), valued at approximately $1.23 billion according to current market prices. This impressive recovery has been facilitated through various means, including loans, substantial deposits, and ether purchases, as reported by the on-chain tracking service Lookonchain.
The acquisition process included:
– **Over-the-Counter Trading:** More than $400 million in ether was purchased through OTC transactions.
– **Direct Exchange Purchases:** An additional $300 million was acquired directly from exchanges.
– **Loans:** Nearly $300 million was sought as loans.
– **Crypto Funds:** The remainder came from addresses believed to belong to cryptocurrency investment funds.
Market Response and ETH Price Movements
The swift buying activity over the weekend resulted in an uptick in ETH prices, which surged by up to 4%. However, in the past 24 hours, the sentiment appears to have shifted, leading to a 2% decline in prices as market confidence remains cautiously optimistic.
Bybit also reported that as of late Sunday, all deposit and withdrawal activities had returned to normal levels. Notably, total deposits slightly exceeded withdrawals on Saturday, indicating a positive sign of market confidence among users.
A Closer Look at the Hack’s Execution
The cyberattack on Bybit specifically targeted one of its offline “cold” wallets, which are generally considered secure due to their disconnection from the internet. The breach allowed hackers to withdraw a staggering $1.4 billion in ETH.
The attackers employed a sophisticated strategy involving a manipulated user interface (UI) and URL, which enabled them to modify the smart contract’s logic. This manipulation redirected the funds to an undisclosed wallet. Following the theft, the stolen assets were dispersed across multiple wallets and exchanged on decentralized platforms.
Connections to Notorious Hacking Groups
Blockchain investigator ZachXBT has linked this hack to the Lazarus Group, a state-sponsored hacking organization from North Korea known for its high-profile cryptocurrency thefts. Notable past attacks attributed to Lazarus include the $600 million heist of the Ronin Network in 2022 and a $230 million breach of the Indian exchange WazirX in 2024.
This incident serves as a reminder of the evolving landscape of cybersecurity threats within the cryptocurrency space and reinforces the need for robust security measures to protect digital assets.
