Bybit Hack: $1.4 Billion Stolen, Lazarus Group Laundering Funds, and a $140M Bounty

The crypto industry is reeling from the largest exchange hack in history, as Bybit, the world’s second-largest crypto exchange by trading volume, suffered a $1.4 billion security breach. Despite the scale of the attack, Bybit has assured users that it remains fully solvent and has launched a $140 million bounty in an effort to recover the stolen assets.

On February 21, 2025, Bybit confirmed that its Ethereum cold wallet had been compromised during a routine transaction to a warm wallet. The attack saw $1.4 billion in Ether (ETH) and staked ETH tokens (including stETH and mETH) siphoned away into an unidentified hacker-controlled address.

Blockchain investigator ZachXBT was the first to spot suspicious outflows from Bybit exceeding $1.46 billion, later confirming it was a security breach. The hacker quickly split the stolen funds into 39 separate wallets, each holding 10,000 ETH, before beginning an elaborate laundering process.

Bybit Responds with $140 Million Bounty

In response, Bybit has announced a 10% bounty on any recovered funds, meaning on-chain security experts and ethical hackers who assist in recovering the assets could earn up to $140 million. CEO Ben Zhou emphasized that the company is working with top security firms and industry partners to track the stolen crypto. Zhou said in a statement.

“We were overwhelmed with support from some of the best people and organizations in the industry. We will rise above this setback and make our security infrastructure stronger than ever,”

Lazarus Group Linked to the Attack

ZachXBT, Elliptic, and Arkham Intelligence have now tied the attack to North Korea’s Lazarus Group, a state-sponsored cybercriminal organization responsible for multiple high-profile crypto thefts over the past few years. The stolen funds are actively being laundered through centralized mixers and cross-chain bridges, further complicating recovery efforts.

On February 22, 5,000 ETH was tracked moving to a new address, with a portion laundered through eXch, a centralized mixing service, and bridged to Bitcoin via Chainflip. Investigators believe that these tactics will be used to obscure the movement of the remaining funds.

Industry Support and Recovery Efforts

Despite the loss, Bybit remains operational, with withdrawals fully functional. The exchange has also taken steps to replenish liquidity, buying back millions in ETH and receiving support from major crypto firms, including:

• Binance: 50,000 ETH
• Bitget: 40,000 ETH
• HTX Co-Founder Du Jun: 10,000 ETH

Tether CEO Paolo Ardoino confirmed that the company has frozen $181,000 in stolen USDT linked to the hack. Meanwhile, Bybit’s independent Proof-of-Reserves (PoR) audit confirmed that all user assets remain backed 1:1, reassuring traders that funds remain secure despite the attack.