Popular crypto exchange Bybit is on the road to recovering and replacing the $1.4 billion it lost in a massive UI security breach on Friday. According to blockchain analytics firm Lookonchain, the exchange has received about 446,870 Ethereum (ETH) from different sources to fill the stolen crypto gap.
Since being hacked, #Bybit has received ~446,870 $ETH($1.23B) through loans, whale deposits, and ETH purchases.#Bybit has nearly closed the gap. pic.twitter.com/0oz3ytLi4X
— Lookonchain (@lookonchain) February 24, 2025
In addition to the ETH tokens received, the exchange has recovered about $43 million in various crypto assets from the hacker-related wallet addresses.
Over $1.25 Billion Bagged
Notably, Bybit did not halt withdrawals after the hack. In fact, according to the exchange’s proof-of-reserve (PoR) auditor Hacken, the exchange processed withdrawals worth over $5 billion within a few hours after the hack. Thus, there is a need to replace the stolen funds swiftly.
As part of the recovery process, Bybit spent about $304 million to stack around 109,000 ETH from a few centralized and decentralized exchanges. It also received about 52,000 ETH, worth about $140 million, as loans from crypto exchanges Bitget and Mexc.
Moreover, it acquired 157,660 ETH worth $437.8M from Galaxy Digital, FalconX, and Wintermute via OTC deals. As such, the exchange has fully covered the worth of ETH lost to the hack.
Latest Update: Bybit has already fully closed the ETH gap, new audited POR report will be published very soon to show that Bybit is again Back to 100% 1:1 on client assets through merkle tree, Stay tuned. https://t.co/QLa1vOujM6
— Ben Zhou (@benbybit) February 24, 2025
$43 Million Recovered
Despite the hackers’ swiftness with the fund’s distribution, many firms within the ecosystem, including stablecoin issuer Tether and others, helped Bybit to recover about $43 million from the exploit-related addresses.
In an attempt to tighten its security, Bybit has also released a new Application Programming Interface (API) to identify hackers, track hacker actions and update the blacklist of suspicious wallet addresses continuously.
Additionally, the exchange has launched a 10% reward bounty for any expert individual or team that can help it recover the stolen funds. The $140 million bounty has drawn the attention of other key industry players to aid the recovery process.
Concurrently, the hackers, identified as the Korean Lazarus Group, have not stopped distributing the stolen funds across different wallets and blockchain networks. They recently launched a new Solana memecoin via Pump.fun to launder the proceeds. However, the token launchpad has removed the suspicious crypto from its frontend, protecting investors.
Meanwhile, the Safe Wallet team will begin a phased rollout within 24 hours, using improved features to tighten security.
