Risk Warning: Beware of illegal fundraising in the name of 'virtual currency' and 'blockchain'. — Five departments including the Banking and Insurance Regulatory Commission
Information
Discover
Search
Login
简中
繁中
English
日本語
한국어
ภาษาไทย
Tiếng Việt
BTC
ETH
HTX
SOL
BNB
View Market
Special Topic | Breaking News! Over $1.46 billion worth of assets were stolen from Bybit
A total of more than 510,000 ETH and derivatives were stolen from Bybit, and the official said it would compensate all losses in full.
2025-02-21
Bybit被攻击事件解读
Supporting $320 million, a glimpse of the white knight in Bybit's crisis
On the other side of the crisis, Crypto's centripetal force seems to be returning.
2025-02-23
exchange
Safety
Supporting $320 million, a glimpse of the white knight in Bybit's crisis
Uncovering the Lazarus Group: North Korea’s hacker group’s shocking robberies and cyber conspiracies
As the instigator of the largest robbery in the history of Web3, this notorious hacker team has left a heavy mark in the history of encryption and even the entire financial market.
2025-02-22
Safety
Uncovering the Lazarus Group: North Korea’s hacker group’s shocking robberies and cyber conspiracies
The cryptocurrency world has become a cash machine for the Lazarus Group. How did North Korea train top hackers?
In a new era where keyboards replace missiles, the keyboards of young hackers will become the sword of Damocles for cryptocurrency.
2025-02-22
Safety
The cryptocurrency world has become a cash machine for the Lazarus Group. How did North Korea train top hackers?
The biggest hacker incident in the history of Web3, we witnessed the greatest unity
Put aside your prejudices, the future of Web3 is still bright.
2025-02-22
exchange
Safety
The biggest hacker incident in the history of Web3, we witnessed the greatest unity
Wu Shuo talks with Bybit: Detailed explanation of the reasons for the theft of $1.5 billion, rescue progress and future arrangements
Bybit emphasized that it will rebuild user trust by improving security measures, optimizing risk control processes and transparent communication.
2025-02-24
exchange
Safety
Wu Shuo talks with Bybit: Detailed explanation of the reasons for the theft of $1.5 billion, rescue progress and future arrangements
2025-02-24
exchange
Safety
currency
Uncovering the Lazarus Group’s intrusion methods: A nation-state APT attack on cryptocurrency exchanges
Bybit: Deeply grateful to the crypto industry for working together to combat security threats
This unprecedented display of solidarity not only reinforces Bybit’s resilience, but also lays the foundation for strengthening industry-wide measures to respond to and prevent future hacks.
2025-02-22
exchange
Safety
Bybit: Deeply grateful to the crypto industry for working together to combat security threats
Bull market black swan: Bybit’s assets worth $1.46 billion were stolen. Is there still room for ETH?
Bybit official: "Bybit's assets are still 1:1 guaranteed, and we can bear the losses."
2025-02-21
wallet
exchange
Safety
ETH
Bull market black swan: Bybit’s assets worth $1.46 billion were stolen. Is there still room for ETH?
Bybit hackers have sold 57,000 ETH. Will this cause the market to crash?
Bybit raised 446,800 ETH at the speed of light in three days.
2025-02-24
ETH
Bybit hackers have sold 57,000 ETH. Will this cause the market to crash?
Real-time updates on incident progress
2025-02-21 15:28:30
ZachXBT: More than $1.46 billion of suspicious funds outflow detected on Bybit, and follow-up is in progress

Odaily News On-chain detective ZachXBT posted on his personal Telegram channel that he had detected suspicious outflows of more than $1.46 billion from Bybit, and relevant information will be updated later. The relevant address is 0x47666Fab8bd0Ac7003bce3f5C3585383F09486E2. mETH & stETH are currently being exchanged for ETH on DEX.

2025-02-21 15:34:10
ZachXBT: My sources confirm this was a security incident

Odaily News ZachXBT posted on his personal Telegram channel that my sources confirm it's a security incident.
Earlier news, ZachXBT, a chain detective, posted on his personal Telegram channel that he had detected suspicious outflows of more than $1.46 billion from Bybit, and relevant information will be updated later. The relevant address is 0x47666Fab8bd0Ac7003bce3f5C3585383F09486E2. mETH & stETH are currently being exchanged for ETH on DEX.

2025-02-21 15:46:18
Ben Zhou: Assets in a specific ETH cold wallet were transferred, and all other cold wallets are safe

Odaily News Ben Zhou posted on X platform that about an hour ago, the Bybit ETH multi-signature cold wallet just transferred funds to our hot wallet. It seems that this particular transaction is forged, and all signatories saw a forged UI that showed the correct address. The URL comes from @safe
However, the signature information was to change the smart contract logic of our ETH cold wallet. This resulted in the hacker taking control of the specific ETH cold wallet we signed and transferring all ETH in the cold wallet to this unidentified address. Rest assured, all other cold wallets are safe. All withdrawals are normal.

2025-02-21 15:55:34
Arkham: Bybit outflow funds have sold $200 million of stETH

Odaily News According to Arkham monitoring, Bybit outflow exceeded $1 billion. $1.4 billion of ETH and stETH flowed out of Bybit, and the funds have begun to be transferred to new addresses for sale. So far, $200 million of stETH has been sold.
Address: 0x47666Fab8bd0Ac7003bce3f5C3585383F09486E2

2025-02-21 16:08:56
Bybit CEO: Even if the loss is irreversible, Bybit is able to pay in full

Odaily News Bybit CEO Ben Zhou posted on the X platform that Bybit is solvent. Even if the losses from the hacker attack are irreversible, all customer assets are backed 1:1 and we can make up for the losses.

2025-02-21 16:25:27
Bybit CEO: Live broadcast will be launched soon to answer all questions

Odaily News Bybit CEO Ben Zhou posted on the X platform that he will start a live broadcast to answer all questions.

2025-02-21 16:31:15
Arkham: 560 million USDT transferred from Bybit cold wallet to its hot wallet

Odaily News According to Arkham monitoring, 560 million USDT were transferred from Bybit's cold wallet to its hot wallet.

2025-02-21 16:31:50
He Yi: If Bybit needs support, we will provide support

Odaily News Binance co-founder He Yi responded to Bybit CEO Ben Zhou and said that support would be provided if necessary.

2025-02-21 16:34:37
Bybit has a net outflow of US$1.688 billion in the past 24 hours

Odaily News DefiLlama data shows that Bybit had a net outflow of US$1.688 billion in the past 24 hours.

2025-02-21 16:36:34
CZ: Recommends Bybit to suspend all withdrawals

Odaily News CZ responded to Ben Zhou’s tweet, saying: “This is not an easy situation to handle. It is recommended to temporarily stop all withdrawals as a standard safety precaution. Any help will be provided if needed.”

2025-02-21 16:41:12
Beosin Trace: A total of 514,723 ETH and derivatives were stolen from Bybit

Odaily News Beosin Trace detected that Bybit suffered a security incident and funds worth $1.44 billion were withdrawn, including:
401,347 ETH, worth $1.12 billion;
90,376 stETH, valued at $253.16 million;
15,000 cmETH, worth $44.13 million;
8,000 mETH, worth $23 million.
Currently, the funds are divided into groups of 10,000 ETH and deposited in more than 40 Ethereum addresses. All hacker addresses have been added to the Beosin KYT tag library. Beosin KYT will issue alerts for all fund transfers involving hacker addresses.

2025-02-21 16:54:38
SlowMist releases Bybit attacker's operation details

Odaily News SlowMist releases Bybit attacker operation details:
1) A malicious implementation contract was deployed at UTC 2025-02-19 7:15:23: https://etherscan.io/address/0xbdd077f651ebe7f7b3ce16fe5f2b025be2969516
2) UTC 2025-02-21 14:13:35, the attacker used the three owners to sign a transaction to replace the implementation contract of Safe with a malicious contract: https://etherscan.io/tx/0x46deef0f52e3a983b67abf4714448a41dd7ffd6d32d32da69d62081c68ad7882
3) The attacker then used the backdoor functions “sweepETH” and “sweepERC20” in the malicious contract to steal the hot wallet.

2025-02-21 16:58:38
BitMart founder Sheldon: The crypto industry is a community of shared destiny, Bybit will provide support if needed

Odaily News In response to the Bybit hack, Sheldon, the founder of BitMart, posted on the X platform that the relevant addresses have been frozen. Once the stolen assets flow into BitMart, the relevant assets will be frozen immediately to support the recovery work.
He pointed out that "the cryptocurrency industry is a community of shared destiny, and the most important thing in this industry is credibility. We hope to work together to help Bybit recover its losses and regain its assets. This industry needs everyone to protect it together."

2025-02-21 17:12:46
Safe: We are working with Bybit to investigate, and the wallet has temporarily suspended some functions

Odaily News Safe posted on the X platform that the security team is working with Bybit to investigate and has not yet found any evidence that the official Safe frontend has been hacked. However, out of caution, Safe Wallet has temporarily suspended some functions. User safety is the top priority and more updates will be provided soon.

2025-02-21 17:17:50
Defillama founder: After the theft, Bybit has had a net outflow of $700 million due to user withdrawals

Odaily News Defillama founder 0xngmi said in a post on X that since the theft, Bybit has seen a net outflow of $700 million due to user withdrawals.

2025-02-21 17:22:18
Bybit CEO has started a live broadcast to respond to the details of the ETH theft incident

Odaily News Bybit CEO has started a live broadcast on the Bybit platform to respond to the details of the platform's ETH asset theft incident.
According to previous news, Bybit suffered a security incident tonight, and funds worth $1.44 billion were withdrawn, including:
401,347 ETH, worth $1.12 billion;
90,376 stETH, valued at $253.16 million;
15,000 cmETH, worth $44.13 million;
8,000 mETH, worth $23 million.

2025-02-21 17:36:00
Bybit CEO: Bitcoin is the main reserve, other cold wallets are not affected

Odaily News Bybit CEO said during the live broadcast: Bybit usually conducts internal asset transfers every three weeks, depending on the balance in our hot wallet. Whenever the hot wallet reaches the benchmark we think needs to be replenished, a transfer transaction will occur. I was the last signer of the transfer transaction. At that time, I checked the link, target address, code and other information, but I did not check it thoroughly, which led to this theft. Later, we determined that the hacker attack and the signed code wallet were Ethereum cold wallets under the security wallet, and other cold wallets were not affected. Bitcoin is our main reserve and it is very safe.

2025-02-21 17:38:13
Bybit CEO: Slow withdrawals are just a normal review process

Odaily News In response to the theft of $1.44 billion worth of ETH from Bybit, Bybit CEO Ben Zhou said in a live broadcast that the platform has experienced large-scale withdrawals in the past two hours, and the risk and security team will review some of the larger amounts. This is a routine process and the community can rest assured.

2025-02-21 17:43:17
Bybit CEO: Will not buy Ethereum immediately, is considering obtaining a bridge loan from a partner to make up for the stolen funds

Odaily News Bybit CEO Ben Zhou said in a live broadcast that some customers asked Bybit to buy Ethereum to immediately cover these costs. We are currently contacting our partners to provide us with loans. Even if we want to buy, we will not buy Ethereum immediately. We are currently considering obtaining a bridge loan from a partner to cover the stolen funds, 80% of which has been secured.

2025-02-21 17:46:18
Bybit CEO: Withdrawals will not be stopped, all products and services will operate as usual

Odaily News Bybit CEO Ben Zhou said in the live broadcast, "All products and services are running as usual. We are not stopping withdrawals at this time, we are still processing withdrawals."

2025-02-21 17:56:23
Bybit derivatives and institutional head: The platform's P2P function is operating normally

Odaily News The head of Bybit derivatives and institutions said in the live broadcast: The P2P function of the platform is currently operating normally.

2025-02-21 18:06:46
KuCoin CEO: We have started to assist in monitoring the flow of funds and freezing suspicious assets

Odaily News In response to the security incident that Bybit encountered, KuCoin CEO BC Wong expressed support for Bybit and has started to assist in monitoring the flow of funds and freezing suspicious assets. KuCoin always puts the security of user assets first and continues to strengthen security protection to maintain industry stability.

2025-02-22 00:14:22
Bybit official announcement: Over $1.5 billion in assets were stolen due to ETH multi-signature wallet transfer attack, reserve funds are strong, platform withdrawals and other services are operating normally

Odaily News In response to the previous asset theft, Bybit officially released a detailed announcement of the incident for the first time: At 20:30 on February 21, Beijing time, Bybit detected unauthorized activity in the Ethereum cold wallet during a routine transfer. This transfer was part of Bybit's official plan to transfer ETH from the ETH multi-signature cold wallet to the hot wallet. Unfortunately, the transaction was manipulated by a complex attack that changed the smart contract logic and hid the signature interface, allowing the attacker to control the ETH cold wallet. As a result, more than 400,000 ETH and stETH with a total asset value of more than US$1.5 billion were transferred to unknown addresses.
Funds stolen: Over $1.5 billion worth of ETH and stETH.
The main reason: During the planned regular transfer process, the ETH multi-signature cold wallet was maliciously manipulated during the transfer process.
Bybit reiterates the following key points: All other cold wallets under Bybit are safe and customer funds are not affected. Please be wary of other scams; although there has been a surge in withdrawal requests, excessively high request volumes may cause withdrawal delays, but all withdrawals are being processed normally and 70% of pending requests have been processed; Bybit's reserves are strong and 1:1 backed, all customer assets are fully protected, and users can view relevant information on the Proof of Reserve (PoR) webpage .
Meanwhile, Bybit is working with leading blockchain forensics experts to track down the stolen funds and resolve the situation; its security team is investigating the root cause, with a particular focus on potential vulnerabilities in the Safe.global platform user interface that could be exploited during trading. Bybit has an asset management scale of over $20 billion and will use bridge loans if necessary to ensure user funds are available. The Bybit platform and all other services, including trading products, cards, and P2P, are operating normally.

2025-02-22 00:24:48
Security company Hacken CEO: Bybit reserves will be audited every two weeks, Bybit reserves are sufficient

Odaily News According to Dyma Budorin, co-founder and CEO of Web3 security audit company Hacken Club, who posted on the X platform, "Hacken will conduct follow-up audits on Bybit's proof of reserves every two weeks. For more information, please see https://audits.hacken.io/bybit/ . Once Bybit officially approves it, it will issue proof of assets exceeding liabilities. In addition, I can personally confirm that Bybit has enough funds to pay off its debts and resolve this incident."

The tweet was retweeted and confirmed by Bybit co-founder and CEO Ben Zhou.
Subsequently, Hacken officially released the Bybit reserve proof update audit report .

2025-02-22 00:29:41
Binance and Bitget have deposited more than 50,000 ETH into Bybit cold wallet

Odaily News According to on-chain data, Binance and Bitget have deposited more than 50,000 ETH into Bybit's cold wallet address, of which Bitget transferred about 40,000 ETH.

2025-02-22 00:34:29
Bybit: Has cooperated with on-chain analysis agencies to limit hackers from dumping ETH

Odaily News Bybit officially announced on the X platform that it has reported the theft to the relevant authorities and will update as soon as more information is available. Fortunately, we have quickly and extensively worked with on-chain analysis agencies to identify the relevant addresses involved. The relevant actions will mitigate and counter the ability of bad actors to dispose of and dump ETH in the market, and reduce the channels through which stolen funds can be disposed.

2025-02-22 00:53:00
The ByBit hack was planned and carried out by the North Korean hacker group Lazarus Group, which is related to the Phemex hack

Odaily News Arkham posted on the X platform that the Bybit hacker bounty has been claimed by the on-chain detective ZachXBT. ZachXBT submitted conclusive evidence at 03:09 am on February 22, Beijing time, proving that the North Korean hacker group Lazarus Group planned the attack, along with test transaction analysis, related wallet connections and forensic charts. The report has been submitted to the ByBit team to assist in the investigation.
In addition, ZachXBT stated in the comment section that according to his and CF's Josh's investigation, the Bybit hack and the Phemex hack are related.

2025-02-22 01:01:34
Bybit CEO: 99.994% of withdrawal requests have been processed, and all functions and products are operating normally

Odaily News Ben Zhou, co-founder and CEO of Bybit, said in the latest post on the X platform: "Since the hacker attack (10 hours ago), Bybit has experienced the most withdrawals we have ever experienced. We have received more than 350,000 withdrawal requests in total, and so far, there are about 2,100 withdrawal requests pending. Overall, 99.994% of withdrawal requests have been successfully completed. If your withdrawal has been completed, please leave a message here.
Despite what may have been the worst hack of any medium in history (banking, crypto, finance), all Bybit features and products remain operational. The entire team stayed up all night fielding and answering customer questions and concerns. It was all hands on deck. Rest assured, we are with you.”

2025-02-22 01:08:20
Bitget CEO: I believe Bybit customer funds are 100% safe, no need to panic or run

Odaily News Bitget CEO Gracy Chen posted a message on the X platform to support Bybit, saying: "Bybit is a respectable competitor and partner. Although the loss this time is huge, it is only their annual profit. I believe that customer funds are 100% safe. There is no need to panic or run on the bank."

2025-02-22 01:10:28
Bybit CEO: The previous transfer of 10,000 ETH has nothing to do with Binance, and we are communicating with Binance and other partners

Odaily News In response to the community's mention of "Binance transferring ETH to Bybit", Bybit co-founder and CEO Ben Zhou responded and clarified: "Thank you Bitget for your help at this moment. We are communicating with Binance and several other partners. This fund has nothing to do with Binance."

2025-02-22 01:31:19
Bybit’s application to unstake 15,000 cmETH stolen was rejected, but may be successfully intercepted

Odaily News According to the monitoring of on-chain data analyst Yu Jin, 1 hour ago, the Bybit hacker's application for unstaking 15,000 cmETH was returned by the cmETH withdrawal contract. After that, the hacker authorized the transaction of cmETH on DODO, but there was no further transaction, which may be due to the very shallow liquidity pool of cmETH. These 15,000 cmETH should be intercepted.
In addition to these 15,000 cmETH, the amount of ETH stolen from Bybit is 499,000 (about US$1.37 billion), which are stored in 51 addresses by hackers.

2025-02-22 01:35:09
CZ: Binance does not yet officially support Bybit, and related transfers are spontaneous actions of users

Odaily News In response to the community's concern about "Binance is providing ETH loans to Bybit", Binance founder CZ responded on the X platform that Binance has not yet started to support Bybit. These are spontaneous transactions by users. Some whales may have lent to Bybit, and Binance cannot take credit for it. Previously, CZ suggested that Bybit suspend withdrawals , saying that "$1.5 billion in stolen assets is enough to be terrifying. It is better to be safe than sorry now."

2025-02-22 01:37:23
MEXC hot wallet transferred 12,652 stETH to Bybit, and Bybit has now received 64,000 ETH asset support

Odaily News According to on-chain analyst Ember, MEXC's hot wallet transferred 12,652 stETH (about $33.75 million) to Bybit's cold wallet in the past hour. Bybit should have received 64,452 ETH (about $170 million) in loan support from Bitget, an institution that withdrew funds from Binance, and MEXC.

2025-02-22 01:39:46
Safe: No security vulnerabilities were found after a comprehensive investigation, and other Safe addresses are not affected

Odaily News In response to the incident that “ByBit multi-signature wallet was manipulated by malicious means, resulting in the theft of $1.5 billion in assets”, the multi-signature wallet platform Safe issued a statement on the X platform saying: “· No code base leak was found: The Safe code base was thoroughly checked and no evidence of leakage or modification was found.
No malicious dependencies found: There is no indication that malicious dependencies in the Safe codebase could affect transaction flow (i.e., supply chain attacks)
·No unauthorized access to the infrastructure was detected in the logs·No other Safe addresses were affected Safe stated that it has temporarily suspended the Safe{Wallet} function to ensure users have absolute confidence in the security of the Safe platform.
While our investigation revealed no evidence that the Safe{Wallet} frontend itself was compromised, we are conducting a more thorough review.”

2025-02-22 01:59:13
Bybit CEO: $2.95 billion in assets will be transferred, and an advance statement will be made to show that there has been no further attack

Odaily News Ben Zhou, co-founder and CEO of Bybit, said in the latest post on the X platform: "We will transfer USDT worth $2.95 billion from cold wallets to hot wallets. This is a planned operation and is for reference only. We were not hacked this time."

2025-02-22 02:15:33
The hacker Lazarus behind the Bybit theft processed the stolen funds through ETH-BTC-fiat currency, and the process of selling the stolen funds may last for many years

Odaily News The Bybit theft is generally considered to be the work of the North Korean hacker group Lazarus Group. Chainalysis has previously released a report on the "disposal" of the stolen money by the Lazarus Group. Generally, the Lazarus Group will take three steps to "dispose" of the stolen money: the first step is to convert all ERC20 (including liquidity derivative tokens such as stETH) into ETH; the second step is to convert ETH into BTC; the third step is to gradually convert BTC into legal currency through Asian exchanges. The whole process may last for many years.

2025-02-22 02:17:13
Bybit Ecosystem Project mETH Protocol: To support Bybit investigation, cmETH withdrawals have been suspended, and the protocol itself is safe

Odaily News mETH Protocol, a liquidity pledge/re-pledge protocol under Mantle, which has a deep binding relationship with Bybit, said that it has learned of the recent security incident involving certain mETH and cmETH transactions on Bybit, including a withdrawal request of 15,000 cmETH. In order to support the ongoing investigation, cmETH withdrawals on the platform have been suspended, and deposit and pledge services are proceeding as usual.
User funds on the mETH Protocol remain safe and unaffected, the protocol remains protected by the highest security standards, and the community will be notified immediately once withdrawals are resumed.

2025-02-22 02:37:35
Santiment: Affected by factors such as the Bybit theft and the issuance of LIBRA, the market is in extreme fear

Odaily News Santiment posted on the X platform that due to the shock caused by the Bybit hack in the crypto space, coupled with the worrying news about LIBRA and other contributing factors this week, the crowd showed extreme fear as Bitcoin plummeted. According to the sentiment score, the negative sentiment in the crypto community is the same as before the price rebound on February 17 and 18. While nothing is certain, and a major exchange hack may have a lasting impact on the crowd's perception, remember that the market almost always moves in the opposite direction of what retail traders expect.

2025-02-22 02:39:58
A whale or institution transferred 11,800 ETH from Binance to Bybit 6 hours ago, worth $31 million

Odaily News According to LookonChain monitoring, 6 hours ago, a whale or institution transferred 11,800 ETH (worth 31 million US dollars) from Binance to Bybit's cold wallet as support for Bybit customer withdrawals.

2025-02-22 02:49:46
Arthur Hayes asks Vitalik: Do you support Ethereum rollback to help Bybit? ETH is no longer a currency after The DAO fork

Odaily News In response to the theft of more than $1.5 billion in assets from Bybit, BitMEX founder Arthur Hayes posted a question to Ethereum co-founder Vitalik on the X platform, saying, "Would you support rolling back the Ethereum chain to help Bybit? As an ETH whale holder, my view is that ETH is no longer a currency after the hard fork of The DAO hacker in 2016. If the community wants to do it again, I will support it, because we voted against immutability in 2016, why not do it again? No one has questioned the DeFi operations on CZ's computer (referring to BNB), why not question ETH (that is, Vitalik Buterin's computer)?"

2025-02-22 02:53:23
DWF Labs partner: No withdrawals from Bybit and willing to provide ETH support, curious about what Vitalik will do

Odaily News DWF Labs partner Andrei Grachev posted on the X platform that "The Bybit hacking security incident is extremely serious and must be properly investigated. DWF Labs has not made any withdrawals from Bybit_Official and is ready to provide ETH support to it. In addition, I am very curious about what Ethereum co-founder Vitalik Buterin will do. After all, he pushed for the rollback of ETH after The DAO fork ten years ago."

2025-02-22 02:59:08
Bybit CEO: All withdrawals have been processed, the withdrawal system has returned to normal, and a full report will be released later

Odaily News Ben Zhou, co-founder and CEO of Bybit, posted on the X platform that 12 hours after the worst hacker attack in history, all withdrawals have been processed. The Bybit withdrawal system is now fully restored to normal, and users can withdraw any amount without any delay. Thank you for your patience, Bybit is sorry for this situation.
Bybit will release a full incident report and safety measures in the coming days.

2025-02-22 03:03:52
Bybit hacker has become the world's 14th largest ETH holder

Odaily News Coinbase director Conor Grogan posted on X that according to Arkham platform monitoring data, Bybit hackers (most likely from North Korea) have become the 14th largest ETH holder in the world, holding about 0.42% of the total supply of Ethereum, exceeding Fidelity and Vitalik's Ethereum holdings, and more than twice the Ethereum Foundation's ETH holdings.

2025-02-22 03:06:57
Bybit attackers may have hacked into the official staff's computer and conducted internal network monitoring to carry out the attack

Odaily News SlowMist CISO 23pds posted on the X platform: "The attacker took away the safe owner privilege with a single forged signature attack. It is speculated that more than one macOS or Windows computer must have been controlled, and the attacker may have stayed in the intranet for some time and was able to monitor internal chats, transfer times, and other information."

2025-02-22 03:11:57
Bitget CEO: The 40,000 ETH previously transferred to Bybit are all the platform’s own funds and have nothing to do with user assets

Odaily News Bitget CEO Gracy Chen posted on the X platform: "All ETH previously transferred from Bitget to Bybit was Bitget's own funds. In this difficult period, we are also assisting in tracking and investigating the stolen funds. All Bitget users' assets are safely stored on our platform, and we issue proof of reserves (PoR) every month to ensure that the reserve ratio is greater than 1:1."

2025-02-22 03:36:23
After the Bybit attack, the total liquidation amount of the entire network reached 325 million US dollars, and the liquidation amount of ETH was about 87.9 million US dollars

Odaily News Bybit was disclosed to have been hacked at around 23:30 last night, with nearly $1.5 billion stolen. It has been about 12 hours since then. According to Coinglass data, the total amount of liquidation in the past 12 hours reached $325 million, including $265 million in long orders, $59.4751 million in short orders, and about $87.9 million in ETH liquidation.

2025-02-22 03:39:38
Bybit CEO: I didn’t sleep all night and focused on the meeting. I learned about the hacker attack at around 10 pm on the 21st.

Odaily News BenZhou, co-founder and CEO of Bybit, posted on X platform: "Some people saw me wearing a WHOOP watch (in the early morning live broadcast) and asked me what my stress monitor looked like last night. This is the monitoring result. I barely slept, but it actually looks pretty good. I think I may have been too focused on handling all the meetings and forgot to decompress. I feel that when I really understand the concept of losing $1.5 billion, it will come soon. Please note that I learned about the hacker attack around 10 pm."

2025-02-22 03:45:23
SlowMist Yusin: Safe’s front-end was tampered with and caused problems, Bybit is not an isolated case

Odaily News SlowMist Yuxian posted on the X platform that "There is no problem with the Safe contract, the problem lies in the non-contract part, the front end was tampered with and forged to achieve the effect of deception. This is not an isolated case. North Korean hackers have taken over several companies last year, such as:
WazirX $230 million Safe multi-signature;
Radiant Capital $50 million - Safe multi-signature;
DMM $305 million - Gonco multi-signature.
This attack method is well-engineered. Others should also pay more attention to it. Multi-signature may not only be a problem for Safe. "

2025-02-22 03:48:42
Zhu Su: Affected by the panic of Bybit theft, ETH ushered in a narrative of a record high

Odaily News Zhu Su posted on the X platform that a large number of traders opened short orders in panic over the theft of Bybit ETH assets, and now ETH finally has a narrative of setting a new all-time high (i.e. short squeeze).

2025-02-22 04:01:03
Bybit’s total assets exceed $19.5 billion, and it still holds more than 450,000 ETH, worth $1.2 billion

Odaily News According to Arkham platform data, Bybit currently has a total asset value of over $19.5 billion and still holds $1.2 billion worth of ETH. Its top five holdings are:
1. BTC: 69,856 pieces, equivalent to US$6.72 billion;
2. USDT: 4.122 billion, equivalent to US$4.12 billion;
3. MNT: 2.445 billion, equivalent to US$2.19 billion;
4. ETH: 450,462, equivalent to approximately US$1.2 billion;
5. USDC: 652.157 million, equivalent to US$652.16 million.

2025-02-22 04:04:11
Wall Street Journal: CertiK confirms Bybit incident as the largest theft in crypto history

Odaily News The Wall Street Journal quoted the Web3.0 security agency CertiK as saying that the Bybit theft was the largest single theft in the history of encryption, and the stolen assets resulting from this hacker attack were valued at more than US$1.4 billion.
After the incident, Bybit announced that it had reported the case to the relevant authorities. Its CEO Ben Zhou said that all Bybit functions and products are still operating normally, the exchange has solvency, and will bear the full amount of customer losses. As of now, all Bybit withdrawal requests have been processed and the withdrawal system has returned to normal speed.

2025-02-22 04:07:28
Ethena Labs founder: Ethena handled the largest single-day redemption without any losses or redemption issues

Odaily News @leptokurtic_, founder of Ethena Labs, posted on the X platform: "Ethena handled the largest single-day redemption and closed all unrealized risk exposure as soon as the news broke. In any case, at its peak, the unrealized risk exposure was always only a small part of the excess reserves of USDe. Although Bybit, as the world's second largest derivatives exchange, represents more than 20% of the risk-averse exposure, USDe has never underestimated the deposit. Even if the unrealized risk exposure does not drop to zero within the hour, this exposure may be completely lost, and USDe will still be overcollateralized. I hope this incident can verify some of the design decisions made to reduce the risks of users using the OES custody solution. The simple design route is to avoid costs and the engineering complexity added by custodians in the off-chain hedging system. Ethena Labs has not encountered any support losses or redemption request issues."

2025-02-22 04:22:02
After the Bybit hack, Binance had a 24-hour net inflow of $1.046 billion, and Bybit had a 24-hour net outflow of $2.675 billion

Odaily News According to Deflama data, after the Bybit hack, CEXs saw divergent capital flows. Binance had a 24-hour net inflow of $1.046 billion, making it the exchange with the most inflows; at the same time, Bybit had a 24-hour net outflow of $2.675 billion, with OKX, Bitfinex, and Robinhood seeing net outflows of $7.35 million, $188 million, and $39.95 million, respectively.

2025-02-22 04:26:16
Opinion: Bybit hackers may have laundered stolen funds through Kanye’s coin issuance, and Solana ecosystem may have been exploited

Odaily News Crypto KOL NingNing posted on X platform: "Part of the ETH reserves in Bybit's cold wallet exist in the form of stETH/mETH. Hackers exchanged them for ETH through Uniswap, DODO and ParaSwap. The current relationship map of North Korean hacker addresses presents a central cluster + N satellite small clusters + a complex inter-conversion network. Moreover, North Korean hackers have transferred funds from the Ethereum mainnet to Solana. Because Solana's transaction event logs are very poorly readable by humans, they are often ridiculed as having built-in mixer properties. Given that Kanye will launch his celebrity meme coin in the near future, it is reasonable to speculate that North Korean hackers will launder money by participating in this on-chain carnival."

2025-02-22 04:42:41
Security Community: The Bybit attack involved social engineering techniques that tricked auditors into mistaking contract changes for transfers

Odaily News According to a post by the security community Dilation Effect on the X platform, "Compared to previous similar incidents, in the Bybit incident, only one signer was needed to complete the attack, because the attacker used a 'social engineering' technique. Analysis of on-chain transactions shows that the attacker executed a malicious contract's transfer function through delegatecall. The transfer code used the SSTORE instruction to modify the value of slot 0, thereby changing the implementation address of the Bybit cold wallet multi-signature contract to the attacker's address. The transfer here is very clever. It only requires the person/device that initiated the multi-signature transaction to be dealt with. When the subsequent auditors see this transfer, their vigilance will be greatly reduced. Because normal people see transfer and think it is a transfer, who knows that it is actually changing the contract. The attacker's tactics have been upgraded again."

2025-02-22 04:45:35
Du Jun supports Bybit, saying he will transfer 10,000 ETH and will not withdraw it within a month

Odaily News ABCDE co-founder Du Jun posted on the X platform: "Today, 10,000 ETH will be deposited to Bybit, and will not be withdrawn within a month."

2025-02-22 05:20:29
Crypto KOL clarifies: The $1.38 billion in funds in the Bybit hacker address are still on the Ethereum mainnet, and the previous cross-chain transfer of funds to Solana was due to misleading by others

Odaily News The crypto KOL issued a clarification that the previous analysis about Bybit hackers using Solana network and Kanye Meme coins to launder money was wrong due to the misleading article by @barneyxbt. He said that the ETH funds worth $1.38 billion on the Bybit hacker address are still on the Ethereum mainnet, and he has deleted the previous analysis tweet.

2025-02-22 05:29:54
36,000 ETH transferred from Binance hot wallet to Bybit cold wallet in the past 15 minutes

Odaily News According to LookonChain monitoring, another 36,000 ETH (worth $96.5 million) was transferred from Binance hot wallet to Bybit cold wallet in the past 15 minutes.

2025-02-22 06:20:53
Bitunix: Bybit-related hacker addresses have been blocked, and we are willing to work together to protect industry security

Odaily News According to the official news released by Bitunix, after the Bybit theft, Bitunix took prompt action and blocked the addresses of the hackers to prevent them from further using the platform to launder money. Regarding the security incident encountered by Bybit, Bitunix expressed its willingness to provide all possible assistance to jointly safeguard the security and stability of the industry.

2025-02-22 06:35:38
DragonFly Global Support Director: Bybit’s official crisis management process is worth learning

Odaily News Casey Taylor, Global Support Director of DragonFly, gave a high evaluation and detailed review of the "Bybit official quick handling of the $1.5 billion theft" on the X platform. She mentioned: "After experiencing the largest hacker attack in the history of cryptocurrency, Bybit staged a master-level crisis management communication process. Among them, the quick and personal response of the CEO, the rapid and transparent follow-up actions, the online live broadcast response, the calm performance under pressure, the clear live broadcast management, the clear timeline, the numbers, and the planning and taking the corresponding risks of security vulnerabilities are all worthy of learning for other exchanges and project parties." In addition, she mentioned: "Note that the incident is still fermenting, and the facts may change as more information emerges. Although DragonFly is an early investor in Bybit, we receive the latest news at the same time as the public and are committed to maintaining transparency as the incident develops."

2025-02-22 06:40:36
SlowMist Cosine: CZ’s previous suggestion to suspend withdrawals was correct. The Bybit team handled it properly. Don’t forget that the common enemy is hackers.

Odaily News In response to the criticism from community users that "CZ suggested that Bybit suspend withdrawals", SlowMist Yuxian posted on the X platform: "To be honest, from a security perspective, the suggestion to urgently stop the wallet system when the cause is unknown is correct. In addition, Bybit's theft shows that they respond very quickly and locate the problem very quickly. We and some security teams were the first to intervene in the communication and exchange, quickly identify the problem and speculate on the hacker's portrait, and we went to rest around 3 am. Bybit must have opened withdrawals in a timely manner when everything was ready. I think there is nothing wrong with it. It's a pity that many people are now consuming this dispute internally, but forgetting who our common enemy is."

2025-02-22 07:23:14
Bybit has received over $4 billion in capital in the past 12 hours, covering all the stolen funds losses

Odaily News According to statistics from SoSoValue and the latest monitoring data from the on-chain security team TenArmor, the Bybit trading platform has received a total inflow of more than US$4 billion in the past 12 hours, including 63,168.08 ETH, US$3.15 billion in USDT, US$173 million in USDC and US$525 million in CUSD.
According to the comparative fund inflow data, this fund inflow has completely covered the fund loss caused by the hacker attack yesterday. At the same time, all services of the Bybit exchange, including the withdrawal function, have returned to normal.

2025-02-22 07:31:23
OKX President: Bybit hackers have been blacklisted and are willing to provide security and liquidity support for Bybit

Odaily News OKX President Hong Fang posted on the X platform that “The Bybit hacker addresses have been added to OKX’s blacklist. Team engineers are closely monitoring these addresses and will take immediate action if there are any changes in funds. Our team is also in contact with the Bybit team to provide any IT security support and liquidity support we can provide at this stage.”

2025-02-22 07:40:23
ZachXBT: Bybit hackers have bridged 5,000 ETH to the BTC network through mixers and Chainflip

Odaily News ZachXBT posted on his personal channel: "The Lazarus Group in the Bybit incident transferred 5,000 ETH to a new address, laundered the money through eXch (a centralized mixer), and bridged the funds to Bitcoin through Chainflip. 5,000 ETH was transferred at 6:28:23 am on February 22, 2025, and the TXN was 0xbf80907830e46317da2c1708a13a9f016e242f8a6db6e6b0706ea5f2328cb001; the final address of Bitcoin through Chainflip is bc1qlu4a33zjspefa3tnq566xszcr0fvwz05ewhqfq."

2025-02-22 07:42:01
Bybit CEO: Hackers were detected transferring BTC via Chainflip, and a cross-chain bridge bounty program is about to be launched

Odaily News Ben Zhou, co-founder and CEO of Bybit, posted on the X platform that hackers have been detected trying to transfer BTC through Chainflip. He hopes that the cross-chain bridge project will help Bybit block and prevent further transfers of assets to other chains. Bybit will soon launch a bounty program to anyone who helps it block or track funds that lead to fund recovery.

2025-02-22 07:53:15
Bybit’s stolen assets account for about 15% of the total stolen amount in the cryptocurrency industry, with the industry’s stolen funds exceeding US$10.6 billion

Odaily News According to the DefiLlama website hacker incident statistics, Bybit's stolen assets of more than $1.4 billion are the largest security incident in the history of cryptocurrency, accounting for about 15% of the stolen amount in all security incidents in the history of cryptocurrency. The panel data shows that the cumulative amount of stolen assets in the history of cryptocurrency exceeds $10.62 billion, of which DeFi-related stolen assets amount to $6.31 billion, and various bridge projects have stolen assets amount to $2.87 billion.

2025-02-22 08:14:00
Tim Wong, Chairman of Catizen Foundation: I believe Bybit will successfully overcome the challenges

Odaily News Tim Wong, Chairman of Catizen Foundation, expressed his confidence on Twitter that Bybit will overcome the current challenges. As one of Bybit’s important partners, Tim reviewed the valuable support Bybit provided in the early stages of Catizen’s development, especially in terms of marketing and resource integration.
Tim Wong emphasized that although Bybit is currently facing some challenges, he believes that Bybit will quickly resolve the current difficulties and draw strength from them to continue to grow and develop. The tweet reads: "What doesn't kill you will only make you stronger."

2025-02-22 08:16:56
ZachXBT: Bybit hacking incident is related to Phemex hacking incident, and the related addresses overlap

Odaily News Chain detective ZachXBT posted on X platform: “We have just directly linked the Bybit hack to the Phemex hack. The funds from the initial theft addresses of the two incidents overlap on the chain. Overlapping addresses:
0x33d057af74779925c4b2e720a820387cb89f8f65;
Bybit hacker transaction on February 22:
0xc963e65b9ec39b11076f78990c31f29aaa80705c75312dafd1748479e3e94ed0;
0x411374feedcfa560335f00c0fcfa0a3906fdcc33687e6f924dd78ebecc45cd00;
Phemex hack on February 20, 2025:
0x6262a3339842240aeebae4ebfe338dbc771aa0e2df8f5a1ebcd7f9b090bedfe3. "

2025-02-22 08:41:50
Chainflip: Unable to completely block, freeze or redirect any Bybit-related stolen funds

Odaily News Chainflip, a cross-chain bridge, responded to the freezing request of Bybit CEO by saying: “We have tried our best to deal with the current situation, but as a decentralized protocol, we cannot completely block, freeze or redirect any funds. However, we have currently shut down some front-end services to prevent the flow of funds.”

2025-02-22 08:47:53
Metalpha deposited 30,006 ETH to Binance four hours ago, equivalent to US$80.48 million

Odaily News According to monitoring by on-chain analyst Aunt Ai, asset management company Metalpha recharged 30,006 ETH worth $80.48 million to Binance four hours ago. It has been three months since Metalpha's multi-signature address last recharged a large amount of ETH, and the intention of the recharge has not been confirmed for the time being.

2025-02-22 09:12:19
A whale transferred 20,000 ETH to Bybit cold wallet, worth $53.7 million

Odaily News According to Lookonchain monitoring, a whale has just transferred 20,000 ETH worth 53.7 million US dollars to the Bybit cold wallet.

2025-02-22 09:13:38
Galaxy CEO calls on global leaders to take action against hacker group Lazarus Group

Odaily News Galaxy CEO Mike Novogratz posted on the X platform calling on global leaders to take action against the hacker group Lazarus Group, while praising Bybit for completing a world-class resolution after the attack.

2025-02-22 09:29:54
Orderly Network: Mantle on-chain deposits have been reopened

Odaily News Orderly Network announced that deposits on the Mantle chain have been reopened. Previously, due to the hacker attack on Bybit, a large amount of funds were transferred, and Orderly temporarily suspended the deposit business on the Mantle chain.

2025-02-22 09:30:49
Mask Network founder: Some ETH has been deposited back to Bybit

Odaily News Mask Network founder Suji Yan posted on the X platform that he has deposited some ETH back to Bybit, and there is probably less than 10 million US dollars in the public address, and he will continue to support it.

2025-02-22 09:46:01
Chainflip: Strengthening ETH broker-level screening mechanisms to reject suspicious deposits

Odaily News Chainflip updated the latest situation of the Bybit theft incident and said: "We have noticed that hackers are trying to convert the stolen funds from Bybit into BTC through Chainflip. At present, we have shut down some front-end services to prevent the flow of funds, but because the protocol is completely decentralized with 150 nodes, we cannot completely shut down the entire system. As a longer-term solution, we are strengthening the screening mechanism at the ETH broker level to reject suspicious deposits through the broker-api. Currently, the mechanism has been applied to BTC, and we only need to complete the implementation of ETH."

2025-02-22 09:55:43
Currently, 5 institutions/individuals have provided Bybit with loan support totaling 120,000 ETH, totaling over 320 million US dollars

Odaily News According to on-chain analyst Yu Jin’s monitoring, 5 institutions/individuals have provided Bybit with a total of 120,000 ETH (US$320.97 million) in loan support. Specifically:
Bitget: 40,000 ETH ($105.96 million);
Institutions/whales withdrawing from Binance: 11,800 ETH ($31.02 million);
MEXC: 12,652 stETH ($33.75 million);
Binance or another institution/whale withdrawing funds from Binance: 36,000 ETH ($96.54 million);
0x327...45b address: 20,000 ETH ($53.7 million).

2025-02-22 10:12:15
mETH Protocol: cmETH withdrawals have been resumed, user funds are not affected

Odaily News The liquidity staking/re-staking protocol mETH Protocol announced on the X platform that cmETH withdrawals have been restored, user funds are safe and fully supported, and a detailed post-event analysis report will be released soon, outlining the incident and all measures taken.
Earlier news, mETH Protocol, a liquidity pledge/re-pledge protocol under Mantle, which has a close relationship with Bybit, announced the suspension of cmETH withdrawals after learning about the recent security incident involving certain mETH and cmETH transactions on Bybit, but deposit and pledge services will proceed as usual.

2025-02-22 11:01:40
Beosin: Once the funds related to the Bybit exchange hacker attack enter the Tornado.cash mixer, the fund penetration analysis will be immediately initiated

Odaily News The Beosin security team conducted in-depth tracking and analysis of the stolen funds in the Bybit exchange hacker attack. The study found that one of the stolen funds deposit addresses, 0x36ed3c0213565530c35115d93a80f9c04d94e4cb, transferred 5,000 ETH to the split address 0x4571bd67d14280e40bf3910bd39fbf60834f900a at 06:28:23 UTC on February 22, 2025. Subsequently, the funds were split into amounts ranging from tens to hundreds of ETH at a frequency of once every few minutes, and further transferred to multiple addresses. It is worth noting that after multiple transfers, some funds attempted to cross-chain to the BTC chain address bc1qlu4a33zjspefa3tnq566xszcr0fvwz05ewhqfq through Chainflip, indicating that hackers attempted to further conceal the flow of funds through cross-chain operations.
In addition, at 07:44:47 UTC on February 22, 2025, the split address transferred 56.68 ETH to the black address 0x33d057af74779925c4b2e720a820387cb89f8f65. This address is marked as "Hacker: Phemex Hacker" in the Beosin tag library, and the "Phemex Exchange $85 million theft" was done by the well-known hacker group Lazarus Group. This key discovery further confirms our previous inference based on the similarity between the attack mode and the WazirX incident, that is, the Bybit exchange hacker attack is very likely related to the Lazarus Group.
It is worth mentioning that in the Phemex incident, some of the stolen funds were transferred to mixers such as Tornado Cash to conceal their flow. For the Bybit incident, we are fully prepared. Once the relevant funds enter the Tornado.cash mixer, Beosin will immediately start the fund penetration analysis. The special working group has been equipped with the latest version of the Tornado Cash penetration algorithm, and several professional analysts who have successfully completed fund penetration in similar cases have joined to ensure that the flow of funds can be tracked efficiently and provide strong support for subsequent actions. At present, the Beosin security team is cooperating with the Bybit security team to track funds.

2025-02-22 11:13:32
ZachXBT: Lazarus Group links BingX hacking addresses to Bybit and Phemex stolen funds addresses

Odaily News ZachXBT published an update on the movement of Bybit’s stolen funds, stating that a few minutes ago, the Lazarus Group linked an address related to the BingX hacker attack, which now connects the stolen funds of Bybit, BingX, and Phemex to the chain.
Overlapping address: 0xd555789b146256253cd4540da28dcff6e44f6e50
Bybit hacker attack transaction: 0x4a366130118d750715c2d35fdc07509cf943fcc988fa5e6d02211e3d5472796e
BingX hacker attack transaction: 0x93424aa87731bb9b1d8cc1f708d2ac9f3faf914f368a00494d87cba3e7719e8c

2025-02-22 11:49:44
Bitget CEO Gracy: Actively communicate with Bybit CEO and offer help

Odaily News Bitget CEO Gracy said in a Space about "Analysis of the Bybit Theft" that she took the initiative to communicate with Bybit CEO BEN and provided 40,000 ETH. The short-term liquidity provided did not require any collateral, interest rate, or any commitment. It could be transferred back when Bybit no longer needed it. The current situation is that Bybit's liquidity has been perfected and no more support is needed. Bybit said that some liquidity providers require collateral.

2025-02-22 11:54:43
A new address withdraws 10 million USDT from Bybit and converts it into ETH and deposits it into Bybit again

Odaily News According to on-chain analyst Yu Jin’s monitoring, a new address withdrew 10 million USDT from Bybit, then purchased 3655.6 ETH on the chain and immediately transferred it to Bybit. The average purchase price was $2,735.

2025-02-22 12:05:54
mETH Protocol: No unauthorized cmETH withdrawals occurred, and the attacker has been blacklisted

Odaily News mETH Protocol released an update on the Bybit security incident, disclosing that a security incident occurred on Bybit resulting in the unauthorized withdrawal of mETH and cmETH from the exchange, including the exchange of 8,000 mETH for ETH through three transactions on DEX, and an unsuccessful withdrawal of 15,000 cmETH initiated through mETH Protoc. There was no risk to Mantle or mETH Protocol and the cmETH liquidity on Mantle Network L2 was reduced. The attacker's wallet address was blacklisted, thereby preventing further cmETH transfers or interactions within the protocol. Ultimately, no unauthorized cmETH withdrawals occurred, the contract has now been restored, and operations have returned to normal.

2025-02-22 12:26:51
CZ: Proposing to suspend Bybit withdrawals is a prudent move, Bybit CEO made the best decision based on the situation

Odaily News CZ said about the recent Bybit hack: “We have seen a pattern where hackers are able to steal large amounts of cryptocurrency from multi-signature ‘cold storage’ solutions, such as Bybit, Phemex, WazirX and other exchanges. In the recent Bybit case, the hacker was able to make the front-end UI show a legitimate transaction, while the actual signature pointed to another transaction. For other cases, based on the limited information available, it seems that similar tactics were used.
What is even more worrying is that the affected exchanges use different multi-signature solution providers. The hacker group Lazarus Group has demonstrated extremely advanced and extensive penetration capabilities. It is still unclear whether the hackers successfully penetrated multiple signature devices, the server side, or both.
Some have questioned my previous suggestion to suspend withdrawals as a standard security precaution (tweeted from my shuttle bus to the airport). My intention was to share a practical approach based on experience and observation, but there is no right or wrong approach. My guiding principle is always to lean on the safe side. After any security incident, all operations should be suspended to ensure we fully understand what happened, how the hackers penetrated the system, which devices were compromised, triple-check to ensure safety, and then resume operations.
Of course, suspending withdrawals could cause more panic. In 2019, we suspended withdrawals for a week after a major $40 million hack. When we resumed withdrawals (and deposits), deposits exceeded withdrawals. This is not to say that this approach is better, each situation is different and requires judgment. I tweeted to share what might work and to show support in a timely manner. I believe Ben made the best decision based on the information he had.
Ben has maintained transparent communication and a calm demeanor while handling this challenging situation, which is in stark contrast to other CEOs who have lacked transparency, such as WazirX, FTX, etc.
Each of the cases mentioned here is different. FTX is a fraud, and as for WazirX, I cannot comment due to the ongoing litigation.
The bottom line is that we should never take safety for granted. It’s important to understand safety so you can choose the right tools for your needs, but the basic concepts still apply. Stay safe (SAFU)!”

2025-02-22 13:18:38
Tether CEO: 181,000 USDT related to Bybit hackers have been frozen

Odaily News Paolo Ardoino, CEO of Tether, announced on the X platform that he had just frozen 181,000 USDT related to the ByBit hacker attack. Although it may not be much, it is a very effective method and Tether will continue to monitor it.

2025-02-22 13:24:29
The Bybit stolen funds address currently still holds 489,395 ETH and 15,000 cmETH

Odaily News According to Lookonchain monitoring, the Bybit stolen funds address (from Lazarus Group) has transferred 10,000 ETH and started money laundering. Currently, the Bybit hacker holds 489,395 ETH (US$1.32 billion) and 15,000 cmETH (unable to withdraw) in 53 wallets.

2025-02-22 14:31:59
Bybit CEO: I agree with CZ. If the internal system is breached, all withdrawals will be suspended immediately.

Odaily News In response to CZ's suggestion to stop Bybit withdrawals on X platform, Bybit CEO Ben Zhou said: "I agree with CZ's point of view. If the hacker attack was through infiltrating our internal system (such as a part of the withdrawal system) or the hot wallet was breached, we would immediately suspend all withdrawals until the root cause of the problem is found. But in yesterday's incident, it was our ETH cold wallet (we use Safe) that was breached, which has nothing to do with any of our internal systems. Therefore, I can decisively decide to let all Bybit withdrawals and system functions operate as usual. During the crisis last night, Binance and CZ, as well as many partners and industry leaders, took the initiative to provide help. We are deeply grateful for this and feel extremely warmed by the support we have received. This incident is a huge blow to Bybit, but the entire industry has shown the power of unity. I believe that from now on, everything will only move in a better direction."

2025-02-22 15:36:19
Bybit appears to have spent $100 million buying 36,893 ETH via OTC

Odaily News According to Lookonchain monitoring, Bybit appears to have spent $100 million to purchase 36,893 ETH at $2,711 from Galaxy Digital and FalconX via OTC.

2025-02-22 15:40:47
Bybit: 10% of recovered funds will be rewarded to ethical network and security experts who recover stolen cryptocurrencies

Odaily News Bybit posted on the X platform that as part of the investigation and recovery efforts, Bybit has pledged to use 10% of the recovered funds to reward ethical network and cybersecurity experts who actively recovered the stolen cryptocurrencies in the incident.

2025-02-22 16:14:59
DWF Labs deposited 2,200 ETH to Bybit 1 hour ago, equivalent to $6.02 million

Odaily News According to Lookonchain monitoring, DWF Labs deposited 2,200 ETH, equivalent to approximately US$6.02 million, into Bybit one hour ago.

2025-02-23 00:04:03
Bybit CEO responds to whether to support Ethereum rollback to before the theft: it should be decided by community voting

Odaily News Regarding whether to support Ethereum's rollback to before the theft, Bybit CEO Ben Zhou said in Space: "I'm not sure if it's one man's decision. Based on the spirit of blockchain, maybe it should be a voting process to see what the communities want, but I am not not sure."

2025-02-23 03:19:05
34,862.5 ETH transferred from unknown wallet to Bybit

Odaily News Arkham data shows that 34,862.5 ETH was transferred from an unknown wallet to Bybit.

2025-02-23 03:36:22
Bybit is suspected of purchasing 71,755 ETH through OTC

Odaily News According to Lookonchain analysis, Bybit is suspected to have purchased 71,755 ETH through OTC.
According to previous news, Arkham data showed that 34,862.5 ETH were transferred from an unknown wallet to Bybit.

2025-02-23 04:00:11
ZachXBT: The eXch team, a centralized coin mixer used by Lazarus Group for money laundering, mistakenly sent 34 ETH to an exchange hot wallet

Odaily News Chain detective ZachXBT disclosed in a post on his personal channel that after helping the Lazarus Group, the hacker team behind the Bybit security incident, to launder $35 million, the eXch (centralized coin mixer) team mistakenly sent 34 ETH (worth $96,000) to another exchange’s hot wallet address.

2025-02-23 05:47:36
Ben Zhou calls out to eXch: Hope to reconsider preventing Bybit hacker funds from flowing out of eXch

Odaily News Bybit CEO Ben Zhou called out to eXch: “At this moment, it’s actually not about Bybit or any entity, but our general attitude towards hackers as an industry. I sincerely hope @eXch
We also had help from Interpool and international regulators to help stop these funds from leaving them.”
According to previous news, eXch rejected Bybit’s request to intercept funds, and a large amount of ETH was transferred through eXch mixing.

2025-02-23 07:45:06
34742.6 ETH transferred from Wintermute to an address that interacted with the Bybit deposit address

Odaily News Arkham data shows that 34,742.6 ETH were transferred from Wintermute to an address that interacted with the Bybit deposit address.
On-chain data shows that the address received 34,862.5 ETH from FalconX and Galaxy Digital early this morning and then transferred it to Bybit.

2025-02-23 08:09:59
Bybit may have purchased a total of 106,498 ETH in the past day or so

Odaily News According to the monitoring of on-chain analyst Ember, the address (0x2E4...b77) that may be Bybit or its affiliates received another 34,743 ETH (US$97.75 million) from Wintermute 20 minutes ago. They are likely to have purchased a total of 106,498 ETH (US$294.93 million) in the past day or so: through Galaxy Digital, FalconX, and Wintermute. This address first received ETH after receiving 100 million USDT from Bybit's cold wallet and transferring it to FalconX and Galaxy Digital. Galaxy Digital, FalconX, and Wintermute all transferred ETH from various CEXs to the 0x2E4...b77 address, and they should have all been bought on the secondary market.

2025-02-23 08:50:18
CryptoQuant Research Director: Bybit's ETH reserves have recovered to about 160,000

Odaily News Julio Moreno, head of research at CryptoQuant, published data on the X platform, saying that Bybit's ETH reserves have rebounded to about 160,000.

2025-02-23 09:00:36
Bybit: Deposits and withdrawals have fully returned to normal levels

Odaily News Bybit released an update on the X platform stating that deposits and withdrawals on Bybit have fully returned to normal levels, and the on-chain data has been confirmed.

2025-02-23 09:11:22
Bybit transfers 34,743 ETH to its hot wallet, worth $97.6 million

Odaily News According to Arkham monitoring data, about 1 minute ago, 34,743 ETH were transferred from the Bybit Deposit address to the Bybit hot wallet address, worth US$97.6 million.

2025-02-23 10:31:32
Bybit Ethereum reserves have recovered to 50% of pre-hacker levels

Odaily News Bybit exchange was hacked and lost more than $1.4 billion worth of liquid staked ETH, mETH, and other ERC-20 tokens. However, according to CryptoQuant data, within two days of the hack, Bybit replenished its ETH reserves to nearly 50% of the pre-hacker level. According to Lookonchain monitoring, Bybit may have purchased a total of 106,498 ETH ($295 million) through OTC in the past 24 hours. (Cointelegraph)

2025-02-23 12:13:01
Cosine: Share the results of the investigation into the crypto attacker Lazarus Group, but do not disclose the names of the attacked platforms

Odaily News SlowMist Yuxian posted on the X platform: "After 30 days of in-depth analysis and investigation, through forensic analysis and correlation tracking, we confirmed that the attacker was the North Korean Lazarus Group. This was a national APT attack against cryptocurrency exchanges. We decided to share the relevant IOCs (Indicators of Compromise), including some cloud service providers, agents and other IPs that were exploited, for emergency investigation by exchanges and related platforms. Please note that this disclosure does not mention which platform or platforms, nor does it say Bybit. If there is any similarity, it is really not impossible."

2025-02-23 12:24:13
Bybit hackers have exchanged 37,900 ETH for other assets across chains, and there are currently 461,491 ETH

Odaily News According to on-chain analyst Yu Jin’s monitoring, the Bybit hacker laundered the ETH at a very fast speed.
It has been almost 30 hours since the wash began yesterday afternoon. A large number of addresses have used cross-chain exchange platforms such as Chainflip, THORChain, LiFi, DLN, and eXch to exchange 37,900 ETH ($106 million) for other assets (BTC, etc.).
The Bybit hacker address currently has 461,491 ETH ($1.29 billion), and the total amount of ETH they stole from Bybit is 499,395 ($1.4 billion).

2025-02-23 12:41:26
Mirana Ventures transferred 10,000 ETH to Bybit Deposit 31 minutes ago

Odaily News According to Arkham monitoring, about 31 minutes ago, Mirana Ventures transferred 10,000 ETH worth approximately $27.97 million to Bybit Deposit, and the funds were subsequently transferred to the Bybit hot wallet address.

2025-02-23 12:55:50
Bybit: There are fraudsters impersonating Bybit employees, reminding the community to remain vigilant

Odaily News Bybit issued a warning on the X platform that there are fraudsters who will impersonate Bybit employees, reminding the community to be vigilant. Bybit will never ask for your personal information, deposits or passwords. Be sure to check the official source carefully and report any suspicious situations. If you feel there is a problem, it is likely that there is a problem. Be safe.

2025-02-23 13:28:30
Bybit attackers suspected of issuing Meme tokens on PumpFun to launder money

Odaily News On-chain data shows that the Bybit attacker is suspected of issuing Meme tokens in PumpFun for money laundering. It is reported that the attacker launched Meme coins after transferring SOL tokens to a certain address. The current market value of the relevant Meme coins has reached approximately US$2.2 million, with a trading volume of approximately US$26 million, but the liquidity is low, reminding community users to be vigilant in interactions.

2025-02-23 14:18:36
Bybit raised 254,830 ETH in 48 hours after hack

Odaily News According to updated data released by Spot On Chain, Bybit raised 254,830 ETH ($693 million) within 48 hours after the hack, including:
132,178 ETH ($367 million), likely acquired through OTC transactions with Galaxy Digital, FalconX, and Wintermute;
122,652 ETH (US$326 million), loans from trading platforms/institutions such as Bitget, MEXC, Binance and DWF Labs (it may also be personal borrowing behavior of some whales).
At the same time, the hacker has exchanged 40,944 ETH ($115 million) for BTC and other assets through Chainflip, THORChain, LiFi, DLN and eXch. Currently, the hacker still holds 458,451 ETH ($1.29 billion), accounting for about 91.7% of the stolen 499,395 ETH ($1.4 billion).

2025-02-23 14:48:28
Pumpfun frontend removes Lazarus-related meme coins

Odaily News The Pumpfun frontend has removed the Lazarus-related meme coins.

2025-02-23 15:43:25
Bybit releases blacklist API to help fund tracking and launches bounty program

Odaily News Cryptocurrency exchange Bybit has announced the launch of a new API to update the blacklist of identified suspicious wallet addresses. The API will help various project owners and security experts track and recover stolen funds more efficiently under time pressure. This list of suspicious addresses was compiled by industry white hat hackers and investigators within three days of the hack, and Bybit has received thousands of clues from industry colleagues so far.
With the joint efforts of internal and external security teams, the elite investigation team confirmed a number of malicious wallet addresses. This collaborative initiative will greatly improve the efficiency of security response and strengthen the security of the entire crypto network. Bybit will continue to update the blacklist to ensure that cybersecurity experts and partners can effectively intercept illegal activities. For contributors who successfully intercept and recover funds, Bybit will provide a 10% bounty reward.
Bybit is developing the HackBounty platform and will release an announcement at the appropriate time. This platform aims to empower the entire industry to jointly track the actions of hackers and encourage all security experts to continue to pay attention to the latest progress of this innovative program. Bybit will also continue to update the blacklist to help partners intercept illegal fund flows, and contributors who successfully recover funds will receive a 10% bounty reward.
This action has led to a historic and comprehensive cooperation in the crypto industry, forming an industry-wide Crypto's Defense Alliance. Bybit has announced a list of individuals, institutions and teams that have contributed to this emergency action, and the list is still being updated. This includes but is not limited to the following partners and peers:
Mandiant, Verichain, and Sygnia.co provided critical forensic analysis to reveal the truth behind this hack.
ZeroShadow has launched a 24/7/365 global emergency response team to assist in tracking malicious actors, fund flows, and communicate with law enforcement agencies to support investigations and recover stolen assets.
Chainalysis, Elliptic, TRM, Goplus, SEAL 911, and ZachXBT quickly marked on-chain addresses associated with the attack, limiting the hacker’s ability to launder stolen assets.
SlowMist, BlockSec, and BEOSIN provide professional security consulting and threat analysis.
VerifyVASP, AML Bot, and CryptoForensic contribute key compliance and risk assessment solutions to enhance overall security response capabilities.
Binance, Coinbase, Bitget, Polygon, Arbitrum, Optimism, Wormhole, Synapse, Connext, Chainflip, Across.to, Symbiosis.finance, AVAX, ChangeNow, fixedfloat, and cBridge provide cross-chain security measures to help block the flow of hacker funds.

2025-02-24 00:05:14
eXch denies helping Lazarus launder money

Odaily News eXch posted on the Bitcointalk forum that some people accused its service of laundering Lazarus Group funds, which was purely "opposition to decentralized cryptocurrency". Although some analysts pointed out that eXch's recent ETH trading volume has increased abnormally and its Bitcoin reserves are almost empty, eXch insisted that the funds involved were only "isolated cases" and promised to support open source privacy and security projects through donations. eXch also released screenshots of its communication with Bybit and rejected Bybit's request to block the address suspected of receiving stolen money. (The Block)

2025-02-24 00:22:00
Bybit: Successfully Frozen $42.89 Million of Stolen Funds, Thanks to the Coordination Efforts of Multiple Parties

Odaily News Bybit published a statement on the X platform stating that through the coordinated efforts of multiple parties, it successfully froze $42.89 million of stolen funds in one day. The institutions that provided assistance include Tether, THORChain, ChangeNOW, FixedFloat, Avalanche Ecosystem, CoinEx, Bitget, Circle, etc.

2025-02-24 01:37:32
Analysis: Bybit hacker has sold 50,700 ETH, Bybit bought 157,600 ETH from multiple brokers

Odaily News According to Ember’s monitoring, the Bybit hacker has now sold 50,700 ETH (US$142 million) in exchange for DAI and other on-chain assets (BTC, etc.), and currently holds 448,600 ETH (US$1.26 billion).
The address of Bybit or its affiliates (0x2E4...b77) purchased a total of 157,600 ETH (US$441 million) through three brokers, Galaxy Digital, FalconX, and Wintermute, in the past two days and then transferred it to Bybit.

2025-02-24 02:39:39
Bybit has accumulated 446,870 ETH through various channels

Odaily News According to Lookonchain monitoring, Bybit has accumulated 446,870 ETH through various channels, worth approximately US$1.23 billion.

2025-02-24 03:33:01
Bybit CEO: Bybit has fully made up for the ETH shortfall

Odaily News Bybit CEO Ben Zhou posted an update saying, "Bybit has fully made up for the ETH shortfall, and a new audited Proof of Assets (POR) report will be released soon, so stay tuned."