Update Feb. 22, 1:45 pm UTC: This article has been updated to include a statement from Bybit CEO Ben Zhou.
Cryptocurrency exchange Bybit has maintained reserves exceeding its liabilities despite suffering a $1.4 billion hack and an overall $5.3 billion decline in total assets, according to DefiLlama data.
The Feb. 21 hack marked the largest crypto theft in history, with attackers stealing more than $1.4 billion in liquid-staked Ether (STETH), Mantle Staked ETH (mETH) and other ERC-20 tokens.
Since the incident, the value of Bybit’s total assets has fallen by over $5.3 billion, including the $1.4 billion lost to the hack, DefiLlama data shows.
Despite the hack and drop in assets, Bybit’s exchange reserves still exceed its liabilities, according to its independent Proof-of-Reserve (PoR) auditor, Hacken. In a Feb. 21 post on X, Hacken confirmed:
“Today’s hack was massive—a tough hit for the industry. But here’s the bottom line: Bybit’s reserves still exceed its liabilities. As their independent PoR auditor, we’ve confirmed that user funds remain fully backed.”
Bybit processed more than 350,000 withdrawal requests within 10 hours, completing 99.9% of them by 1:45 am UTC, Bybit co-founder and CEO Ben Zhou said in a Feb. 22 X post.
“Although we have been hit by the worst hack possibly in the history of any medians (banks, crypto, finance), all Bybit functions and products remain functional. The whole team had been awake all night to process and answer client questions and concerns,” Zhou wrote.
The Bybit hack alone accounts for more than half of the $2.3 billion stolen in crypto-related hacks in 2024, marking a significant setback for the industry.
The $1.4B Bybit hack: What you need to know
Blockchain security analysts, including Arkham Intelligence and on-chain sleuth ZachXBT, have traced the Bybit attack to the North Korean state-affiliated Lazarus Group—which is also the prime suspect in the $600 million Ronin network hack.
According to Meir Dolev, co-founder and chief technical officer at Cyvers, the attack shares similarities with the $230 million WazirX hack and the $58 million Radiant Capital hack.
Dolev said the Ethereum multisig cold wallet was compromised through a deceptive transaction, tricking signers into unknowingly approving a malicious smart contract logic change.
“It seems that Bybit’s ETH multisig cold wallet was compromised through a deceptive transaction that tricked signers into unknowingly approving a malicious smart contract logic change.”
This allowed the hacker to gain control of the cold wallet and transfer all ETH to an unknown address,” Dolev told Cointelegraph.
Bybit’s Ether cold wallet storage provider, Safe, was breached, but the incident did not affect the exchange’s internal systems, Bybit CEO Ben Zhou wrote in a Feb. 22 post on X.
The attack highlights that even centralized exchanges with strong security measures remain vulnerable to sophisticated cyberattacks, analysts say.
Over the past year, North Korean hackers were also responsible for the $305 million DMMBitcoin hack, the $50 million Upbit hack, the $50 million Radiant Capital hack, and the $16 million Rain Management hack, according to a joint statement issued by the United States, Japan, and South Korea.
The statement came nearly three weeks after South Korean authorities sanctioned 15 North Koreans for allegedly generating funds for North Korea’s nuclear weapons development program through cryptocurrency heists and cyber theft.