Bybit has regained half of its Ether reserves following a $1.4 billion cryptocurrency hack that sent shockwaves through the global Web3 industry. On February 21, Bybit exchange was hacked for over $1.4 billion worth of liquid-staked Ether (STETH), Mantle Staked ETH (mETH), and other ERC-20 tokens, resulting in the largest crypto theft in history. Within two days of the attack, Bybit’s Ether reserves rebounded to nearly half of pre-hack levels, according to CryptoQuant data.
Bybit held more than 201,600 Ether at the time of writing, accounting for 45% of the 439,000 Ether it held before the hack on February 20. Following the breach, Bybit’s ETH reserves had plummeted to just 61,000 ETH on February 21. Part of the exchange’s growing reserves are attributed to spot buying. Bybit bought 106,498 Ether worth $295 million in over-the-counter (OTC) trades since the exploit occurred, according to crypto intelligence platform Lookonchain.
Crypto industry leaders and exchanges also rushed to assist Bybit with emergency transfers, including 50,000 Ether from Binance, 40,000 Ether from Bitget, and 10,000 Ether from Du Jun, co-founder of HTX Group, among others.
Bybit’s recovering exchange reserves and the exchange’s continued user withdrawals are a robust sign of trust for the crypto industry. Bybit processed more than 350,000 withdrawal requests in the 10 hours after the exploit, according to Bybit co-founder and CEO Ben Zhou.
Bybit loaned nearly $400 million since exploit. The crypto industry has provided Bybit with $390 million in emergency liquidity through loans and transfers, including $127 million from Binance-linked whales and $53 million from a single whale wallet, according to Lookonchain.
Following the hack, the value of Bybit’s total assets fell by over $5.3 billion, including the $1.4 billion lost to the hack, DefiLlama data shows.
Despite the $5.3 billion drop in Bybit’s total assets following the hack, the exchange’s reserves still exceed its liabilities, according to an independent proof-of-reserve (PoR) audit by Hacken. “Today’s hack was massive—a tough hit for the industry. But here’s the bottom line: Bybit’s reserves still exceed its liabilities. As their independent PoR auditor, we’ve confirmed that user funds remain fully backed,” Hacken wrote in an X post.
What led to the $1.4 billion Bybit hack? Blockchain security analysts, including Arkham Intelligence and on-chain sleuth ZachXBT, have traced the Bybit attack to the North Korean state-affiliated Lazarus Group—which is also the prime suspect in the $600 million Ronin network hack. According to Meir Dolev, co-founder and chief technical officer at Cyvers, the attack shares similarities with the $230 million WazirX hack and the $58 million Radiant Capital hack. Dolev said the Ethereum multisig cold wallet was compromised through a deceptive transaction, tricking signers into unknowingly approving a malicious smart contract logic change. “It seems that Bybit’s ETH multisig cold wallet was compromised through a deceptive transaction that tricked signers into unknowingly approving a malicious smart contract logic change.” This allowed the hacker to gain control of the cold wallet and transfer all ETH to an unknown address,” Dolev told Cointelegraph.