TLDR
- Bybit cryptocurrency exchange was hacked for $1.4 billion on February 21, 2025
- CEO Ben Zhou declared “war against Lazarus,” the North Korean hacking group believed responsible
- Bybit has launched a bounty program offering 5-10% rewards for helping recover stolen funds
- The exchange claims it has already replaced the stolen crypto assets
- This hack represents the largest crypto theft in history, far exceeding the $600 million Ronin Bridge hack
In what is being described as the largest cryptocurrency theft in history, Bybit exchange suffered a massive security breach on February 21, resulting in the theft of over $1.4 billion in digital assets. The hack, which targeted primarily liquid-staked Ether (STETH), Mantle Staked ETH (mETH), and other ERC-20 tokens, has prompted an aggressive response from the company’s leadership.
Bybit CEO and co-founder Ben Zhou took to social media platform X on February 25, announcing a formal “war against Lazarus,” the notorious North Korean hacking group widely believed to be responsible for the attack. “We have assigned a team to dedicate to maintain and update this website, we will not stop until Lazarus or bad actors in the industry is eliminated,” Zhou stated publicly.
Join us on war against Lazarus – https://t.co/6DnaH1WTId
Industry first bounty site that shows aggregated full transparency on the sanctioned Lazarus money laundering activities. V1 includes:
– Becoming a bounty hunter by connecting your wallet and help tracing the fund, when…— Ben Zhou (@benbybit) February 25, 2025
The centerpiece of Bybit’s response is a newly launched bounty program designed to recover the stolen funds. According to the official bounty website, individuals who help freeze illegally moved assets can receive rewards equal to 5% of any recovered cryptocurrency. Some successful recovery efforts may qualify for even higher rewards, with the site stating, “Successful interceptions will be rewarded with a 10% bounty.”
Given the enormous sum stolen, these bounties could potentially reach up to $140 million, creating a powerful financial incentive for security experts and blockchain sleuths to join the recovery efforts. The bounty program represents one of the largest such initiatives ever created in response to a cryptocurrency hack.
The attack was first identified by renowned blockchain investigator ZachXBT, who linked the theft to Lazarus Group. This North Korean state-sponsored hacking collective has been tied to numerous high-profile cryptocurrency thefts in recent years, with reports suggesting they stole more than $3 billion worth of crypto from exchanges between 2017 and 2023.
Despite the massive scale of the theft, Bybit moved quickly to reassure its users. On February 23, just two days after the hack, the exchange announced it had completely replaced all stolen cryptocurrency from its own reserves. “Bybit is back to 100% 1:1 on client assets,” the company claimed in an official statement, suggesting that user funds are now fully backed.
Tracking Down the Biggest Crypto Heist
The February 21 breach far exceeds previous record-setting hacks in the cryptocurrency industry. For comparison, the 2022 Ronin Bridge hack, previously considered one of the largest in crypto history, resulted in losses of approximately $600 million – less than half the value stolen from Bybit.
Zhou’s aggressive stance against the hackers marks a departure from how some exchanges have handled similar situations in the past. While many companies offer bounties to hackers as an incentive to return stolen funds and avoid legal consequences, Bybit’s CEO has taken a more confrontational approach, explicitly stating an intent to “eliminate” Lazarus’ operations.
This bold strategy could carry risks of its own. Security experts have noted that such public declarations might make Bybit a target for future attacks, particularly from a sophisticated state-sponsored group like Lazarus that has demonstrated persistent capabilities over many years.
According to blockchain security firm PeckShield, hackers and scammers stole more than $3 billion through various crypto-related activities in 2024, with phishing attempts representing the most costly attack vector. However, PeckShield’s data indicates that the total number of hacks and scams has actually been on a downward trend since 2022, with incidents tapering off toward the end of 2024.
The broader cryptocurrency industry has taken note of the Bybit hack, with some security experts pointing to potential vulnerabilities in the Ethereum Virtual Machine (EVM) design. Bitcoin advocate Adam Back was among those criticizing what he termed “EVM mis-design” as a root cause of the Bybit security breach.
Bybit has indicated plans to expand its bounty program in the future to assist other victims of Lazarus Group attacks, positioning the initiative as part of a larger industry-wide defense effort against North Korean hackers.
The hack comes at a time when regulatory attention on cryptocurrency security has been increasing worldwide. Many financial authorities have cited security concerns and the risk of theft as key reasons for implementing stricter oversight of digital asset exchanges and services.
For Bybit, which was founded in 2018 and has grown to become one of the world’s largest cryptocurrency exchanges, the hack represents both a major security challenge and a test of user confidence. The company’s rapid response in replacing the stolen funds and launching the bounty program appears aimed at maintaining trust in its platform despite the unprecedented scale of the theft.
Blockchain forensics teams continue to track the movement of the stolen funds across various wallets and exchanges. Initial reports suggest the hackers began moving and attempting to launder the stolen cryptocurrency almost immediately after the theft, using various techniques to obscure the trail of funds.
The Bybit hack occurred on February 21, with CEO Ben Zhou declaring “war against Lazarus” four days later and launching a bounty program offering rewards of up to 10% for anyone who helps recover the $1.4 billion in stolen cryptocurrency.
