2025-02-24
Cryptocurrency exchange Bybit has
experienced a massive $5.5 billion outflow after suffering a $1.4 billion hack,
believed to be carried out by North Korea’s Lazarus Group.
The breach triggered a "bank
run," with users rushing to withdraw over $4 billion from the platform.
According to DeFiLlama, Bybit’s tracked
wallet assets dropped from $16.9 billion to $11.2 billion.
The hackers allegedly drained a
significant portion of Bybit’s Ether cold wallet, leading the company to
investigate whether the breach stemmed from internal security failures or
vulnerabilities within Safe, a decentralized custody provider.
Bybit CEO Ben Zhou described the crisis
in an X Spaces session, revealing that hackers stole around 70% of
clients' Ether holdings.
However, stablecoins were the most
withdrawn assets as users scrambled to protect their funds.
Bybit had reserves to process
withdrawals, but $3 billion in USDT was locked in a Safe wallet that had been
temporarily shut down to ensure security. This further intensified withdrawal
concerns.
To mitigate the crisis, Bybit secured
an emergency loan to process withdrawals, developed new software to manually
verify transactions and access frozen funds, and worked around the clock to
handle user requests.
Despite these efforts, Bybit faced a 50%
depletion of its total funds, prompting a reassessment of its reliance on Safe’s
smart contract wallets.
Bybit has engaged Singaporean
authorities and Interpol to track the stolen funds. Blockchain analysis firms,
including Chainalysis, have also been enlisted to monitor transactions related
to the hack.
A controversial idea surfaced within
the crypto community—rolling back Ethereum’s blockchain to recover stolen
funds.
Zhou confirmed that Bybit consulted
Ethereum co-founder Vitalik Buterin and the Ethereum Foundation about the
feasibility of such a move.
However, this would require community
consensus and could potentially split the Ethereum network into two chains.
The exact cause of the hack remains
unknown. Bybit is examining whether the breach stemmed from internal security
flaws or a vulnerability in Safe’s infrastructure.
Zhou stated that transaction signers’
activities appeared routine, ruling out initial suspicions of compromised
employee devices.
Bybit has since moved a substantial
amount of assets away from Safe cold wallets and is exploring alternative
custody solutions to prevent future attacks.