Bybit Faces Massive Outflows After $1.5 Billion Hack

Bybit, a major cryptocurrency exchange, has experienced total outflows exceeding $5.5 billion after hackers, believed to be affiliated with North Korea’s Lazarus Group, drained its ether cold wallet in a $1.5 billion cyberattack. The hack sent shockwaves through the crypto community, forcing Bybit into emergency action to protect its users and secure its remaining assets.

Bybit’s Crisis Unfolds

According to data from DeFiLlama, total assets tracked on wallets associated with Bybit plunged from approximately $16.9 billion to $11.2 billion. Bybit’s CEO, Ben Zhou, acknowledged the severity of the breach and held an X Spaces session to explain how the team responded in real time.

Shortly after the attack, Zhou called for “all hands on deck” to ensure smooth withdrawal processing and transparency for users. He revealed that hackers stole roughly 70% of clients’ ether holdings, forcing the exchange to secure a loan to cover immediate withdrawals. Surprisingly, most users opted to withdraw stablecoins rather than ether, creating additional liquidity concerns.

Safe’s Shutdown Worsens the Crisis

The crisis escalated when Safe, a decentralized custody protocol that provides smart contract wallets, temporarily shut down some of its functionality as a security precaution. This created a significant roadblock for Bybit, because $3 billion worth of USDT was stored in a Safe wallet that became inaccessible. Safe reported no evidence of a compromise in its official frontend, but disabled certain functions as a precautionary measure.

As withdrawal requests surged past $100,000 within two hours of the breach, Zhou directed his security team to collaborate with Safe to find a workaround. The team developed new software with Etherscan-based code to manually verify signatures and restore access to the locked funds. This intensive effort allowed Bybit to move its $3 billion stablecoin reserves and fulfill withdrawal requests despite the ongoing crisis.

Bybit Faces a 50% ‘Bank Run’

As news of the hack spread, Bybit faced a massive bank run, with about 50% of all exchange funds being withdrawn. To mitigate risks, the exchange promptly moved significant assets away from Safe wallets and is now evaluating alternative custody solutions to replace Safe’s system.

Zhou assured users that Bybit had sufficient reserves to cover withdrawals, but he acknowledged the situation’s complexity and the need for a more robust security framework moving forward. The breach highlighted vulnerabilities in smart contract wallet integrations and the need for greater resilience in crypto asset management.

Engaging Authorities and Blockchain Analysts

Bybit swiftly engaged Singaporean authorities, who took the matter “very seriously.” Zhou believes the investigation has already escalated to Interpol, signaling a coordinated international effort to track the stolen funds. Blockchain analysis firms, including Chainalysis, are actively working to trace the stolen ether and assist in recovery efforts.

Zhou remains hopeful about retrieving the lost funds, stating, “As long as Bybit is there and continues to track [the stolen ether], I hope we can get these funds back.” However, the complex nature of on-chain transactions poses significant challenges to recovery efforts.

Rolling Back Ethereum: A Controversial Consideration

One of the most contentious discussions emerging from the hack is the possibility of rolling back the Ethereum blockchain to recover the stolen funds. Industry figures, including BitMEX co-founder Arthur Hayes, raised the idea on social media.

Zhou confirmed that Bybit engaged in discussions with Ethereum co-founder Vitalik Buterin and the Ethereum Foundation for potential recommendations. While rolling back the blockchain remained an option for a brief period, Zhou expressed uncertainty about its feasibility.

“I do really thank all these guys on Twitter asking if there is a possibility to roll back the chain. I’m not sure what was the response on their side, but anything that would help we would try,” Zhou stated.

Would a Blockchain Rollback Be Possible?

A blockchain rollback would involve a state change that allows for fund recovery. While Bitcoin could theoretically undergo a rollback, Ethereum’s architecture makes this significantly more complex due to its reliance on smart contracts and state-based interactions.

Any such state change would require broad community consensus, potentially leading to a contentious hard fork. A rollback scenario could divide the Ethereum network into two chains, each with its own ecosystem and supporters. This would introduce significant uncertainty and potentially undermine trust in Ethereum’s immutability.

When asked about the viability of a rollback, Zhou responded, “I’m not sure it’s a one-man decision based on the spirit of blockchain. It should be a work in process to see what the community wants.”

Unclear Cause Behind the Breach

Despite ongoing investigations, the exact cause of the security breach remains unknown. Zhou ruled out a direct compromise of Bybit’s laptops or transaction signers, suggesting that the attack originated from the Safe cold wallet system.

“We know the cause is definitely around the Safe cold wallet. Whether it’s a problem with our laptops or on Safe’s side, we don’t know,” Zhou admitted.

This uncertainty raises concerns about the security of smart contract wallets used by major exchanges. The incident has prompted calls for improved auditing and monitoring of cold storage solutions to prevent similar breaches in the future.

Bybit’s Road to Recovery

The Bybit hack serves as a stark reminder of the risks associated with centralized exchange custody and smart contract vulnerabilities. The exchange is now working to rebuild trust and enhance security measures. Some key steps in Bybit’s recovery plan include:

  • Transitioning away from Safe wallets: Bybit is exploring alternative cold storage solutions to replace Safe’s system and prevent similar incidents.
  • Strengthening security protocols: The exchange is conducting internal security audits and may introduce additional multi-signature safeguards.
  • Enhancing transparency: Zhou’s open communication during the crisis has been well-received, and Bybit plans to continue updating users on security improvements.
  • Working with regulators: The engagement with Singaporean authorities and Interpol reflects Bybit’s commitment to pursuing legal avenues for fund recovery.

Conclusion

Bybit’s $1.5 billion hack represents one of the most significant security breaches in crypto history. The Lazarus Group’s involvement suggests a high level of sophistication, making fund recovery a daunting challenge. While Bybit successfully managed a rapid response to mitigate losses, the incident has sparked industry-wide discussions about the security of smart contract wallets and the feasibility of blockchain rollbacks.

As investigations continue, Bybit must adapt to a rapidly evolving threat landscape. The exchange’s ability to restore confidence and implement stronger security measures will determine its future in an increasingly competitive crypto market.
