Bybit Faces Major Security Breach, Results in Significant Withdrawals
In a shocking turn of events, prominent cryptocurrency exchange Bybit has experienced total outflows exceeding $5.5 billion following a devastating hack that reportedly involved the North Korean hacking group Lazarus. This incident led to the unauthorized extraction of nearly $1.5 billion from Bybit’s ether cold wallet. According to data gathered from DeFiLlama, the total assets monitored on wallets linked to the exchange plummeted from approximately $16.9 billion to a mere $11.2 billion at the time of this report. As the situation unfolds, Bybit is actively investigating the circumstances surrounding this breach.
During an X Spaces session, Bybit’s CEO, Ben Zhou, disclosed that immediately after the incident, he initiated a call for “all hands on deck” to ensure that their clients received prompt assistance regarding withdrawals and inquiries about the unfolding crisis. Zhou revealed that the security breach resulted in hackers absconding with around 70% of their clients’ ether holdings, compelling Bybit to rapidly secure a loan to facilitate withdrawal processing. Interestingly, Zhou noted that ether was not the primary token being withdrawn; instead, users predominantly opted for stablecoins.
Despite having reserves capable of covering these withdrawals, the crisis intensified when Safe, a decentralized custody protocol that offers smart contract wallets for digital asset management, temporarily disabled its smart wallet functionalities to reinforce confidence in security measures. Some exchanges, including Bybit, had integrated Safe, allowing users to retain custody of their funds while benefiting from enhanced multisig functionality to protect their cold wallets.
While Bybit was equipped to back user withdrawals, a staggering $3 billion worth of USDT was stored in a Safe wallet that had recently been shut down as the protocol sought to assess the situation. On social media, Safe stated that although it had “not found evidence that the official Safe frontend was compromised,” it was taking precautionary measures by temporarily shutting down “certain functionalities.”
As Zhou and the Bybit team scrambled to securely withdraw the $3 billion in stablecoins, withdrawal requests surged. Within just two hours following the security breach, the exchange faced requests to process over $100,000 in withdrawals, prompting Zhou to direct his security team to collaborate with Safe to “discover a more effective method for retrieving these funds.”
In response, the team developed new software utilizing code “based on Etherscan” to meticulously verify signatures on a manual basis, allowing them to transfer stablecoins back to their wallet and meet the overwhelming demand for withdrawals. Zhou recounted how the exchange’s team had to remain vigilant and work through the night to fulfill these requests. As they successfully relocated the $3 billion in stablecoin reserves, they were confronted with a bank run that accounted for “approximately 50%” of all assets within the exchange.
Since the incident, Zhou has indicated that the exchange has shifted a substantial amount of funds away from Safe cold wallets and is currently evaluating alternative systems to replace Safe.
Pushing for an Ethereum “Rollback” Not Out of the Question
In the wake of this security breach, Bybit has engaged with appropriate authorities. During the session, Zhou noted that Singaporean authorities have taken this issue “very seriously,” and he believes it has been escalated to Interpol. Blockchain analysis firms, including Chainalysis, have also been enlisted to assist in the investigation. Zhou expressed optimism, stating, “As long as Bybit is present and continues to track [the stolen ether], I hope we can recover these funds.”
Notably, he mentioned that the idea of pushing for a “rollback” of the Ethereum blockchain—a proposal floated by some industry figures on social media, including BitMEX co-founder Arthur Hayes—has been under consideration if the community were to reach a consensus. Zhou remarked, “I had my team in discussions with Vitalik and the Ethereum Foundation to explore whether they could provide any recommendations for assistance. I genuinely appreciate all the inquiries on Twitter regarding the feasibility of a chain rollback. I’m uncertain about their response, but we are open to anything that could help.”
When questioned about the viability of a blockchain “rollback,” Zhou admitted he was unsure. “I doubt it’s a decision made by one individual given the ethos of blockchain. It should be a collaborative process to gauge community sentiment,” he stated.
It’s important to note that a blockchain “rollback” refers to a modification that would enable the recovery of lost funds. While theoretically possible on the Bitcoin blockchain, executing such a rollback on Ethereum is considerably more intricate due to its smart contract interactions and state-based architecture. Nevertheless, any such change would necessitate community consensus and could potentially lead to a contentious hard fork, sparking criticism across the community and potentially dividing the Ethereum blockchain into two factions, each with its own supporters.
As for the precise cause of the hack, it remains ambiguous. Zhou confirmed that Bybit’s laptops had not been compromised, and although the transaction signers’ activities were thoroughly scrutinized, they appeared to follow standard procedures. “We are certain the issue is linked to the Safe cold wallet. Whether it stems from our laptops or Safe’s systems is still uncertain,” Zhou concluded.
