- The breach led to mass withdrawals, with users pulling over $4 billion, bringing total outflows to more than $5.5 billion.
- While a significant amount of ether was lost, most withdrawals were reportedly in stablecoins, particularly USDT.
Bybit, one of the largest cryptocurrency exchanges, has been thrown into turmoil after suffering a $1.5 billion hack, reportedly linked to North Korea’s Lazarus Group, CoinDesk reported. The breach triggered a mass withdrawal event, with users pulling over $4 billion, leading to total outflows surpassing $5.5 billion.
The cyberattack targeted Bybit’s ether cold wallet, wiping out nearly 70% of its clients’ ether holdings. Bybit CEO Ben Zhou disclosed that the immediate response involved an all-hands-on-deck effort to process withdrawals. While the loss of ether was significant, most withdrawals were in stablecoins, particularly USDT, rather than ETH.
However, the exchange reassured users that it had sufficient reserves to cover withdrawals. An additional hurdle emerged when Safe, a smart contract wallet provider, temporarily halted its functionalities. This move froze $3 billion in USDT stored in a Safe wallet, further complicating Bybit’s liquidity situation.
Software To Access Frozen Funds
Bybit’s security team reportedly worked overnight to develop a solution to withdraw the frozen $3 billion. The team created custom software using code based on Etherscan to manually verify signatures and transfer the stablecoins back into the exchange’s control. This effort was essential in preventing a complete liquidity crisis as withdrawal requests surged past 50% of total exchange holdings.
Following the attack, Bybit engaged with authorities, including Singaporean regulators and global blockchain analysis firms such as Chainalysis, to track the stolen funds. Zhou expressed hope that ongoing investigations could lead to fund recovery. The precise cause of the breach remains undetermined.
However, the exchange ruled out compromised employee laptops and continues to investigate whether the issue stemmed from Safe’s systems. Zhou confirmed that internal security reviews have yet to uncover definitive answers.