Bybit has managed to restore nearly half of its Ether reserves after suffering a massive $1.4 billion hack on Feb. 21, marking the largest cryptocurrency theft in history. The attack targeted liquid-staked Ether (stETH), Mantle Staked ETH (mETH), and various ERC-20 tokens, causing an industry-wide shock.
According to CryptoQuant data, Bybit’s Ether reserves rebounded significantly within two days of the breach. The exchange now holds over 201,600 Ether, about 45% of the 439,000 ETH it possessed before the attack. Following the exploit, reserves had plunged to just 61,000 ETH.
Support and Spot Buying Fuel Recovery
A significant factor in Bybit’s resurgence has been aggressive spot buying. The exchange reportedly purchased 106,498 ETH worth $295 million through over-the-counter (OTC) trades, as per Lookonchain data.
In addition, major crypto platforms and industry leaders rallied to support Bybit. Binance transferred 50,000 ETH, Bitget contributed 40,000 ETH, and HTX Group co-founder Du Jun provided 10,000 ETH, among other donations.
Industry Confidence Remains Strong
Despite the turmoil, Bybit maintained operational stability, processing over 350,000 withdrawal requests within 10 hours post-exploit, according to CEO Ben Zhou. This responsiveness helped retain user confidence, reinforcing the exchange’s credibility.
Emergency Funding and Asset Impact
Bybit secured approximately $390 million in emergency liquidity, with major contributions including $127 million from Binance-affiliated investors and $53 million from a single whale wallet. However, DefiLlama data indicates that Bybit’s total assets dropped by more than $5.3 billion in the wake of the attack.
An independent proof-of-reserve audit by Hacken, however, confirmed that Bybit’s reserves still exceed its liabilities. “Despite the significant loss, Bybit’s reserves remain strong and fully back user funds,” Hacken stated.
The Hack’s Origins and Investigation
Investigators, including Arkham Intelligence and ZachXBT, have traced the attack to the North Korean Lazarus Group. Similarities between this hack and previous incidents, such as the $230 million WazirX breach and the $58 million Radiant Capital exploit, suggest a recurring method of deception.
Security expert Meir Dolev explained that Bybit’s Ethereum multisig cold wallet was compromised through a misleading transaction, tricking signers into approving a malicious smart contract logic change. “This allowed the attacker to gain control of the wallet and move all ETH to an unknown address,” Dolev told Cointelegraph.
