- The crypto exchange ByBit was hacked last Friday, resulting in US$1.5 billion lost — the largest single crypto theft in history.
- ByBit’s CEO, Ben Zhou, says the hack occurred during a routine transfer of assets from one of the exchange’s cold wallets to one of its warm-wallets used to cover daily trading volume.
- A professional response from ByBit has limited the damage, with exchange’s apparent preparedness suggesting the crypto industry may be learning from past mistakes.
The world’s second-largest cryptocurrency exchange by trading volume, ByBit, was hacked last Friday, resulting in the theft of Ethereum ecosystem digital assets valued at US$1.5 billion (AU ($9.91)$2.3b). This hack is now considered the single largest crypto theft in history.
According to Bybit’s CEO, Ben Zhou, the breach occurred during a routine transfer of assets from one of the exchange’s Ethereum cold wallets to one of its ‘warm-wallets’ used to cover the day’s trading volume. Somehow the hackers were able to alter the smart-contract logic allowing them to take control of ByBit’s cold wallet and transfer the contents to the hacker’s wallet.
On a positive note, ByBit has handled this enormous theft unusually well, vowing to repay all lost customer funds and providing timely and accurate information. Largely due to ByBit’s transparency and honesty, the impact of the hack on the crypto market has been less negative than most expected — the price of Ethereum fell about 4% in the immediate aftermath, but has since almost fully recovered those losses.
Related: Secret North Korean Workforce Stealing Corporate Crypto to Fund Nuclear Weapons
Who’s Responsible For Record Theft?
Based on evidence provided by blockchain sleuth ZachXBT, Arkham Intelligence said there is now “definitive proof” the North Korean regime backed hacking unit, the Lazarus Group, is behind the theft.
ZachXBT also said he has linked wallets used in the ByBit hack to the hack of another crypto exchange called Phemex, which occurred just a few days earlier. The blockchain investigator says there are also links to the hack of the BingX crypto exchange from September last year.
The Lazarus Group is backed by the North Korean government and is believed to be behind many of the largest hacks in history, both crypto and non-crypto. Its crypto-hacks have been some of the largest ever recorded, including:
- The Axie Infinity attack in which US$620 million (AU$973m) worth or crypto was stolen.
- The Horizon Bridge attack in which US$100 million (AU$157m) worth of assets were stolen.
It’s believed the stolen funds are used by the North Korean regime to support its nuclear weapons program and to prop up its struggling economy in the face of widespread global sanctions.
ByBit Response Minimised Damage
ByBit’s swift and professional response prevented what could have been a much worse outcome for crypto markets.
Just an hour after the hack was identified, ByBit’s CEO, Ben Zhou, conducted a livestream to explain what happened in detail. Zhou explained the exchange was organising a bridging loan from its partners to help cover its losses and had already secured a large chunk of the stolen assets:
“For immediate sake, we are currently reaching out to our partners to give us a bridge loan. So, currently, we are not buying [Ethereum]. And even if we did want to buy, it is too big of amount to be moving around,” he said.
But we are getting help, support, from our partners, we actually already secured almost 80% of the Ethereum that’s been stolen as a bridge loan to give us that liquidity, to help us with the liquidity crunch, so we can pass this crucial period.
Ben Zhou, ByBit CEO Although there was a huge surge in withdrawals from ByBit as news of the hack spread — around 350,000 in the first 12 hours — all withdrawal requests were honoured, which further bolstered market confidence.
Zhou also took to X / Twitter to insist the exchange would remain solvent even if the US$1.5 billion theft was never recovered:
ByBit is Solvent even if this hack loss is not recovered, all of clients assets are 1 to 1 backed, we can cover the loss.
Ben Zhou, ByBit CEO To aid in the recovery of assets ByBit has created a bounty program offering to pay 10% of the recovered funds to anyone who plays an “active role in retrieving the stolen cryptocurrencies in the incident.”
Related: ‘Golden Age of Crypto’: Analysts Say Trump Win to Usher in New Era for US Crypto Policy
Despite being a worrying moment for crypto, this hack also seems to indicate the industry is maturing. In the past it’s quite possible a hack of this magnitude could’ve plunged the crypto market into another years-long ice age, but due to ByBit’s apparent resilience, the impact has been relatively small (so far), providing something of a silver lining to the worst hack in crypto history.
The post ByBit Breach: $1.5 Billion in Funds Stolen as Exchange Vows to Return Customer Assets appeared first on Crypto News Australia.
