More recently, Bybit, one of the world’s leading cryptocurrency exchanges, was hacked for $4 million. This single incident contributed to the loss of $1.4 billion in crypto assets. The breach exploited design flaws in the exchange’s process for transferring assets from the cold wallet. This breach is now the 2nd largest crypto hack of all time. In a post-mortem, Bybit CEO Ben Zhou disclosed that about $390 million of the stolen funds are unaccounted for. This is a deeply concerning indictment of the quality of security defenses throughout the crypto space.

Details of the Hack

In this case, the cyberattack targeted a flaw in Bybit’s cold wallet transfer protocol. Essentially, hackers exploited loopholes in contract logic to drain millions of dollars from the exchange.

Of the $1.4 billion in stolen crypto, Bybit’s CEO Ben Zhou announced that 68.57%, roughly $960 million, can be tracked. To add some optimism, about $54 million (3.84%) of the stolen money has been rightfully frozen so far. A troubling 27.59%, or about $390 million, is still unaccounted for.

Fund Movements and Laundering Techniques

After the breach, the cyber thieves laundered the stolen funds through a complex structure of transactions. They used dozens of cross-chain and swap services, including Thorchain, eXch, Lombard, LiFi, Stargate and SunSwap, to execute their plan.

More precisely, 432,748 $ETH (84.45%, about $1.21 billion) was bridged from $ETH to $BTC through Thorchain. More detailed analysis shows that 342,975 $ETH (67.25%, worth roughly $960.33 million) was bridged into 10,003 $BTC through 35,772 wallets with no associated hashes. They washed some of the $BTC through Wasabi Mixer. At the same time, some of it was laundered through CryptoMixer, Tornado Cash, and Railgun.

In particular, 944 BTC (6.34%, worth ~$90.62 million) was sent to Wasabi Mixer. At the same time, 531 BTC (3.57% of the market cap, worth ~$49.52 million) was swapped from BTC to ETH through Thorchain. As of the most recent update, 5,991 $ETH (1.17%, ~$16.77 million) still sits in $ETH across 12,490 wallets.

Bybit's Response: The Lazarus Bounty Program

In response to the massive theft, Bybit has launched the Lazarus Bounty Program, aimed at enlisting the help of the cybersecurity community to trace, freeze, and recover the stolen funds linked to the Lazarus Group. The program gives a significant financial incentive for original information resulting in the recovery of these assets.

Smugglers can be reported through the Lazarus Bounty Program for a 10% reward: 5 percent for successfully freezing stolen assets, plus 5 percent for tracing and identifying those assets. The goal of the initiative is to tap into the collective expertise of the cybersecurity community and so increase the odds of recovering the stolen assets.

In the past 60 days, 5,443 bounty reports were received, of which 70 were valid bounty reports. We welcome more reports; we need more bounty hunters that can decode mixers, as we need a lot of help there down the road. - Ben Zhou