After a record $1.5-billion loss, Bybit suffers a $5.5-billion outflow – North Korean hackers are suspected behind the attack.

Bybit, a Dubai-based cryptocurrency exchange founded in 2018, has suffered a massive security breach, with hackers stealing approximately $1.5 billion worth of digital assets. The attack, which targeted Bybit’s Ethereum wallet, is now considered the largest crypto exchange hack to date, surpassing the $620 million theft from the Ronin Network in 2022.

Hackers exploited vulnerabilities in Bybit’s security, transferring stolen funds to an unidentified address. Despite the breach, Bybit’s founder, Ben Zhou, assured users that their assets remained safe and that the company would fully reimburse any affected customers. He stated that losses could be covered through Bybit’s reserves or external funding. At the time of the attack, Bybit held approximately $20 billion in assets.

After-shock consequences

Following the hack, the value of Ethereum dropped by 4% to $2,641.41 per coin this week. The breach raised concerns about the security of cryptocurrency exchanges, an industry that has faced multiple large-scale hacks over the years.

More to read:
Hackers stole 25 million US dollars by deepfaking company leadership

The attack triggered panic among users, leading to a significant outflow of funds. In the aftermath, Bybit experienced a "bank run," with total outflows exceeding $5.5 billion. The exchange’s tracked assets dropped from $16.9 billion to $11.2 billion within days, according to DeFiLlama data.

To manage the crisis, Zhou called for an emergency response, ensuring withdrawals were processed promptly. His team worked around the clock, as withdrawal requests surged, with users primarily withdrawing stablecoins rather than Ethereum. Within just two hours of the breach, over $100,000 had already been withdrawn.

As demand increased, Bybit moved $3 billion from its reserves to handle withdrawals, ultimately seeing around 50% of its total assets withdrawn from the platform.

More to read:
Hacker group claims Moscow pays billions of dollars to Tehran for Shaheds

To strengthen security, Bybit also transferred a significant amount of funds away from its Safe cold wallets, a decentralized custody protocol known for its smart contract wallets. The exchange is now evaluating alternative security systems to replace Safe, a decentralized custody protocol providing smart contract wallets for digital asset management.

Lazarus group identified as perpetrators

Blockchain investigator ZachXBT traced the hack to North Korea’s Lazarus Group, a notorious cybercriminal organization linked to multiple high-profile crypto heists. Arkham Intelligence confirmed these findings and launched a bounty campaign offering 50,000 ARKM tokens (valued at $31,500) for credible information about the attackers.

The attack sent shockwaves through the cryptocurrency industry, prompting swift responses from major players. Tron stated that his network was collaborating with Bybit to track the stolen funds. Other exchanges, including OKX and KuCoin, also pledged support in the investigation, emphasizing the need for stronger security measures across the industry.

More to read:
Chinese scientists hacked military-grade encryption with quantum computer

Despite the scale of the breach, Bybit continued operations, processing withdrawals and maintaining user access to its platform. Coinbase noted that Bybit's resilience demonstrated its financial stability, even in the face of a major security incident. Binance, the world's largest crypto exchange, also extended its support.

Bybit prided itself in welcoming among its early investors U.S. President Donald Trump and his billionaire backer Peter Thiel.

Sources: Bybit, Intel.Arkm, Binance, Coindesk, BBC, Cryptonews