TLDR:
- Bybit, a cryptocurrency exchange, purchased and borrowed nearly $700M worth of Ethereum (254,830 ETH) to cover losses from a recent $1.4B hack within 48 hours
- The exchange made OTC deals with Galaxy Digital, FalconX, and Wintermute, while securing institutional loans from Bitget, MEXC, Binance, and DWF Labs
- The hacker who stole $1.4B has laundered 40,944 ETH ($115M) into Bitcoin and other assets, but still holds 91.7% of the stolen funds
- A coordinated industry effort has resulted in freezing $43M of stolen funds within two days of the hack
- Bybit has launched a Recovery Bounty Program offering a 10% reward on recovered assets, potentially reaching $140M
Cryptocurrency exchange Bybit has purchased and borrowed approximately $700 million worth of Ethereum within 48 hours to cover losses from a security breach that resulted in the theft of $1.4 billion in digital assets.
The exchange acquired 254,830 ETH through a combination of over-the-counter (OTC) purchases and institutional loans. According to blockchain data, Bybit purchased 132,178 ETH, valued at $367 million, through deals with three main partners: Galaxy Digital, FalconX, and Wintermute.
To supplement these purchases, Bybit borrowed 122,652 ETH, worth $326 million. These loans came from various crypto platforms including Bitget, MEXC, Binance, and DWF Labs, demonstrating the exchange’s ability to quickly source funds during the crisis.
Ben Zhou, CEO and co-founder of Bybit, addressed the situation by stating that the exchange has closed the ETH gap. Zhou announced that a new audited Proof of Reserves report would soon be published to show the exchange’s 1:1 client asset backing, despite the stolen funds remaining at large.
Latest Update: Bybit has already fully closed the ETH gap, new audited POR report will be published very soon to show that Bybit is again Back to 100% 1:1 on client assets through merkle tree, Stay tuned. https://t.co/QLa1vOujM6
— Ben Zhou (@benbybit) February 24, 2025
The security breach occurred when a hacker exploited Bybit’s multisig cold wallet using a masked URL trick. This manipulation of contract logic allowed the attacker to drain over 401,000 ETH from the exchange’s holdings.
Blockchain analytics show that the hacker has begun moving the stolen funds, laundering 40,944 ETH (approximately $115 million) into Bitcoin and other cryptocurrencies. These transactions were conducted through various platforms including Chainflip, THORChain, LiFi, DLN, and eXch.
The hacker maintains control of 458,451 ETH, valued at $1.29 billion. This represents 91.7% of the total stolen amount, meaning the majority of the original theft remains in the attacker’s possession.
Response from the Industry
A coordinated response from the crypto industry has yielded some results. Within two days of the hack, approximately $43 million in stolen funds were frozen through joint efforts of major blockchain entities.
Multiple platforms have joined the effort to track the stolen funds. Tether, THORChain, Avalanche, CoinEx, Bitget, and Circle have all contributed by identifying and blocking blacklisted addresses, creating obstacles for the attacker attempting to move the stolen funds.
Blockchain analytics firm Lookonchain reports that Bybit has received about 446,870 ETH, approximately $1.23 billion, from various sources including whale deposits, loans, and direct ETH purchases since the incident.
It seems that #Bybit has bought 266,694 $ETH($742M) after being hacked.
0x2E45…1b77(related to #Bybit) bought 157,660 $ETH($437.82M) from Galaxy Digital, FalconX, Wintermute via OTC.
0xd7CF…A995(likely related to #Bybit) bought 109,033 $ETH($304.12M) from DEXs and CEXs.… pic.twitter.com/8FfGZo18OU
— Lookonchain (@lookonchain) February 24, 2025
Two specific wallets have been identified in connection with Bybit’s ETH acquisition. The first wallet, labeled “0x2E45…1b77,” purchased 157,660 ETH worth $437 million through OTC transactions. A second wallet, “0xd7CF…A995,” was involved in acquiring $304 million worth of Ethereum through both centralized and decentralized exchanges.
To incentivize the recovery of the stolen funds, Bybit has introduced a Recovery Bounty Program. The program offers a 10% reward on any recovered assets, potentially reaching $140 million if the full amount is successfully returned.
The exchange maintains that regular trading operations have continued throughout this incident. User funds remain accessible according to statements from CEO Ben Zhou.
Additional blockchain data reveals that Bybit has purchased 266,700 ETH worth $742 million across two days, as reported by Lookonchain. These transactions were completed through various channels including OTC deals and exchange purchases.
The purchases and loans represent a temporary solution while the exchange continues efforts to recover the stolen funds through industry collaboration and its bounty program.
