Bybit, one of the leading cryptocurrency exchanges, has encountered a major crisis after a significant hack led to the draining of its ether cold wallet, resulting in total outflows exceeding $5.5 billion. The breach, which involved a loss of nearly $1.5 billion, is believed to have been orchestrated by North Korea’s Lazarus Group, a well-known cybercriminal organization.
The Hack and the Aftermath
Following the attack, Bybit’s total assets across its wallets plummeted dramatically, dropping from approximately $16.9 billion to just $11.2 billion, according to data provided by DeFiLlama. The exchange is actively working to understand the full scope of the incident and has been communicating with its clients during the crisis.
In an X Spaces session, Bybit CEO Ben Zhou shared that after the hack, he called for “all hands on deck” to assist with processing withdrawals and addressing customer concerns. Zhou explained that the hackers managed to steal around 70% of the exchange’s clients’ ether, which prompted Bybit to urgently secure a loan in order to continue processing withdrawals. Despite the significant loss of ether, Zhou noted that the most withdrawn tokens were actually stablecoins, not ether.
Handling the Withdrawal Surge
The exchange was able to cover the withdrawal requests using its reserves, but the situation escalated further when Safe, a decentralized custody protocol integrated by Bybit, decided to temporarily shut down its smart wallet functionalities. Safe’s multisig-enabled wallets are used by some exchanges for enhanced security and digital asset management.
This shutdown left $3 billion worth of USDT in Safe wallets, which complicated Bybit’s ability to fulfill withdrawal requests. Safe claimed that it found no evidence that its official frontend was compromised but took the precaution of disabling certain functionalities to ensure platform security.
Crisis Management and the ‘Bank Run’
Bybit faced a significant challenge in managing the mounting withdrawal requests. Zhou revealed that within two hours of the hack, the exchange was handling over $100,000 in withdrawal requests. To address the situation, the security team worked alongside Safe to develop a solution. They created new software based on Etherscan to manually verify signatures, allowing the exchange to move stablecoins back into its wallet and continue processing withdrawals.
Despite these efforts, Bybit faced a “bank run” where about 50% of the funds on the platform were withdrawn. Zhou mentioned that the exchange’s team had to work around the clock to ensure withdrawals were processed efficiently.
Looking Ahead: Replacing Safe and Restoring Confidence
As the crisis unfolded, Bybit moved a significant portion of its funds off Safe cold wallets and is now exploring alternatives to replace Safe’s wallet system. The exchange is taking measures to bolster its platform’s security and restore user confidence following the breach.
The hack and subsequent withdrawals have raised concerns about the stability of cryptocurrency exchanges and the risks of relying on external custody solutions. Bybit’s swift response to the crisis, however, has demonstrated its commitment to customer protection, though the long-term impact of this incident on its reputation remains to be seen.