Users withdraw over $5.5 billion from Bybit exchange after being hacked

According to data fromDeFiLlama, the total assets tracked on wallets related to the Bybit exchange dropped sharply from 16.9 billion to 11.2 billion USD on the morning of February 23. The mass withdrawal of users occurred right after Bybit was attacked by a hacker group, believed to be Lazarus, and emptied the exchange's ETH cold wallet.

During yesterday's livestream on X Spaces, Bybit CEO Ben Zhou said he called on "everyone to pitch in" to serve customers processing withdrawals and answering questions about what was going on, according toCoindesk.

Zhou revealed that the hackers took about 70% of customers' ETH, meaning Bybit needed to quickly secure loans to be able to process withdrawals. However, he discovered today that ETH was not the most withdrawn token, instead, most users withdrew stablecoins from the exchange.

Bybit's head said the exchange had enough reserves to cover these withdrawals, but the crisis became more serious when Safe temporarily shut down smart wallet functions on Bybit to "ensure absolute trust in the security of the platform."

Safe is a decentralized custody protocol that provides smart contract wallets for managing digital assets. Some exchanges that integrate Safe such as Bybit allow users to maintain custody of their funds and have multi-signature functionality to enhance cold wallet security.

According to Zhou, $3 billion in USDT, which the exchange used to support user withdrawals, was in the closed Safe wallet. Safe representatives said they "found no evidence that Safe's security protocols were compromised," but they still temporarily shut down "some functions" as a precaution.

In response, Zhou asked his team to work with Safe to “find a better way to get this money out.” The team eventually developed new software with “Etherscan-based” code to verify signatures “at a very manual level” to move stablecoins back to wallets and handle the surge in withdrawals on the exchange. The Bybit team said it took an all-nighter to implement and faced a massive withdrawal of “about 50%” of the exchange’s total funds.

Following the incident, Bybit has moved a significant amount of funds out of Safe's cold wallet and is choosing a system to replace Safe.

Ben Zhou said the hack was reported to the authorities and said Singapore authorities were taking the matter “very seriously,” adding that he believed the incident had been reported to Interpol. “As long as Bybit is still there and pursuing this, I hope we can get this money back,” he said.

The exact cause of the Bybit hack has not been determined. Zhou said that staff laptops were not compromised. Transactions were reviewed but were likely routine.

"We know for sure that the cause is due to the Safe cold wallet. Whether the problem is due to our laptop or Safe's side, we don't know yet," Zhou added.

On February 21, Bybit was hacked for $1.46 billion worth of ETH, the largest cryptocurrency hack in history when converted to USD. Some of the previous major incidents include the $470 million Mt Gox hack, the $530 million CoinCheck hack in 2018, and the $650 million Sky Mavis Ronin Bridge project in 2022.CNBCThe hack is linked to the notorious hacker group Lazarus, according to blockchain analytics firm Elliptic.

Last week, CEO Ben Zhou sparked controversy when he refused to list Pi. On the morning of February 21, the same day the hack occurred, he also posted a warning implying that the Pi Network project was a scam.