Overview of the Bybit Hack
According to the previous recap, on February 22, Bybit reported a massive hack, potentially the largest in crypto history, with hackers stealing $1.4 billion USD worth of ETH.
On-chain analyst ZachXBT, along with investigations from entities such as Arkham Intelligence, has identified the perpetrators as the Lazarus Group, a North Korean state-sponsored hacking organization.
The Bybit hack on February 22, 2025, saw hackers steal $1.5 billion in Ethereum, with some funds later bridged to Solana, as shown in the post’s Arkham images.
The hack, detailed through Arkham’s on-chain analysis, revealed the hacker laundering funds through rapid transactions, making 2-3 moves per minute and pausing every 45 minutes for a 15-minute break. This methodical pattern led to speculation, including humorous remarks on X about a possible “intern” handling the laundering for North Korean hackers Lazarus Group.
BYBIT HACKER LAUNDERING FUNDS
The Bybit Hacker is making 2-3 transactions per minute, and stops every 45 minutes for a 15 minute break. They move ETH from one address at a time, before moving onto the next one.
Did Lazarus get an intern to wash their funds manually? pic.twitter.com/XCS16hMC3i
— Arkham (@arkham) February 24, 2025
Bybit’s Response and Reassurance
The Bybit hack had immediate repercussions on the cryptocurrency market. In response, Bybit bought ~446,870 $ETH (worth $1.23B) after the hack, which is likely a multifaceted strategy to address immediate financial needs, restore user confidence, hedge against market volatility, prepare for recovery, and ensure a 1:1 reserve ratio for customer assets.
Since being hacked, #Bybit has received ~446,870 $ETH($1.23B) through loans, whale deposits, and ETH purchases.#Bybit has nearly closed the gap. pic.twitter.com/0oz3ytLi4X
— Lookonchain (@lookonchain) February 24, 2025
Responses from Involved Parties
Efforts to mitigate the damage and recover the stolen funds have involved multiple stakeholders, as outlined in recent updates on the Bybit hack:
- eXch’s Stance: The exchange eXch has denied allegations of laundering funds for the Lazarus Group but acknowledged that a small portion of the stolen funds flowed into its platform. However, eXch refused to freeze the hacker’s wallets, citing past reputational damage caused by Bybit’s actions.
- Pump.fun’s Action: The decentralized platform Pump.fun removed memecoins created from the hacker’s wallets from its interface, demonstrating a proactive approach to distancing itself from illicit activities linked to the hack.
- Recovery Efforts: Collaborative efforts have resulted in freezing $42.89 million (3% of the total stolen amount) through coordination between Tether, THORChain, ChangeNow, FixedFloat, CoinEx, Bitget, and Circle. Additionally, mETH Protocol has supported the recovery of 15,000 $cmETH, valued at $43 million, further bolstering recovery efforts.
