|
Getting your Trinity Audio player ready...
|
Cryptocurrency exchange Bybit has reportedly recovered its reserves, after North Korean hackers stole nearly $1.5 billion (£1.2bn) – in what has been labelled as the largest-ever crypto theft.
The attack, disclosed last Friday, sparked liquidity fears and panic selling. But Bybit insisted at the time that it was “solvent” and that client funds were “safe”.
“Bybit is solvent even if this hack loss is not recovered, all of clients assets are 1 to 1 backed, we can cover the loss,” Ben Zhou, chief executive of the Dubai-based company said at the time in a social media post.
Bybit heist
“All client funds are safe, and our operations continue as usual without any disruption,” Zhou added.
And in less than 72 hours, Bybit pieced together hundreds of thousands of ether tokens through a mix of emergency loans and large deposits, CNBC has reported.
The crypto exchange reportedly secured nearly 447,000 ether tokens through emergency funding from firms such as Galaxy Digital, FalconX and Wintermute.
And CNBC reported that a proof of reserves audit conducted by cybersecurity firm Hacken confirmed that Bybit had successfully restored its reserves, verifying that all major assets – including bitcoin, ether, solana, tether and USDC – exceeded a 100 percent collateralisation ratio.
“We’re close to 100% on our ETH reserves, and deposits & withdrawals are back to normal,” Bybit had tweeted on X (formerly Twitter) earlier this week. “Through it all, the crypto community, our partners, and our users have shown unwavering support – thank you.”
The restoration of Bybit’s reserves however has (so far) not seen the recovery of the stolen funds.
“We know where our funds have gone, and we’re committed to turning this experience into an opportunity to strengthen the ecosystem,” Bybit posted. “Initiatives are coming to help the crypto space grow stronger.”
It seems that the Bybit breach took place during a routine internal transfer, when the platform was moving funds from its offline “cold wallet,” designed for secure, long-term storage, to a “warm wallet,” which enables active trading.
During that transfer, hackers exploited security gaps, intercepting the transaction and redirecting the funds to an unknown address, CNBC noted.
North Korea
Another Bybit post stated that it had so far frozen $42.89m in one day, thanks to the efforts of a number of flagged individuals.
Meanwhile Arkham Intelligence, a blockchain intelligence platform, said North Korean state-backed Lazarus Group hacking gang was behind the theft.
This identification was also confirmed by Blockchain analytics firm Elliptic.
The stolen funds were initially dispersed across 50 different wallets, each holding about 10,000 ether tokens, according to Elliptic, as part of an effort to launder the coins.
As of 24 February, more than $195 million, or roughly 14.5 percent of the stolen assets, had been transferred, CNBC reported.
Meanwhile Bybit CEO Ben Zhou, in a separate tweet, called on the crypto community “to join us on war against Lazarus.
Join us on war against Lazarus – https://t.co/6DnaH1WTId
Industry first bounty site that shows aggregated full transparency on the sanctioned Lazarus money laundering activities. V1 includes:
– Becoming a bounty hunter by connecting your wallet and help tracing the fund, when…— Ben Zhou (@benbybit) February 25, 2025
Bybit has offered a 10 percent bounty for the return of the stolen funds, but history suggests the odds of recovery are slim.
Unlikely recovery
This is because the Lazarus Group is a North Korean state-backed hacking gang, and North Korea has been the most prolific backer of high-value crypto thefts in recent years.
Indeed, the Lazarus Group was linked to $1.34bn in crypto thefts last year – the highest annual figure up to that time and more than double the amount stolen the previous year.
North Korean attacks in 2024 accounted for more than half of the $2.2bn in crypto thefts that year.
The Lazarus Group reportedly uses the stolen assets to fund North Korea’s nuclear program.
In 2022, the Lazarus Group stole $600 million from Axie Infinity and, despite law enforcement intervention, only $30 million was recovered, CNBC reported.
Other notable crypto thefts include the one in 2021, where $611m was stolen from Poly Network, although the hacker in this case eventually returned all the stolen funds and was hired by Poly Network.
In 2019 hackers also attacked the world’s largest cryptocurrency exchanges (Binance) and stole 7,000 bitcoins, worth worth $41m at the time.
In 2018 in Tokyo hackers broke into a cryptocurrency exchange called Coincheck and made off with nearly $500 million in digital tokens.
In August 2016 the crypto exchange platform Bitfinex in Hong Kong, which was the world’s largest dollar-based exchange for bitcoin, was hacked, and 119,756 bitcoin was stolen from users’ accounts.
Prior to that in 2014, Tokyo-based bitcoin exchange Mt Gox filed for bankruptcy in the US and Japan after it lost 850,000 bitcoins (worth $500m).
