Bybit CEO Ben Zhou has announced that the crypto exchange has nearly eliminated its $1.4 billion Ethereum (ETH) deficit following a large-scale hack.
Confirming the findings of on-chain analytics platform Lookonchain, Zhou stated, “Latest update: Bybit has already fully closed the ETH gap.”
Lookonchain reported that Bybit recovered 88% of the stolen funds—about 446,870 ETH worth $1.23 billion—through a combination of loans, whale deposits, and direct purchases.
Since being hacked, #Bybit has received ~446,870 $ETH($1.23B) through loans, whale deposits, and ETH purchases.#Bybit has nearly closed the gap. pic.twitter.com/0oz3ytLi4X
— Lookonchain (@lookonchain) February 24, 2025
The hack, carried out by North Korea’s Lazarus Group, exploited a vulnerability in Bybit’s Ethereum cold wallet last Friday, resulting in the theft of $1.4 billion in ETH and stETH. The incident led to massive withdrawals, with over $5.3 billion exiting the exchange in a single day.
To replenish its reserves, Bybit leveraged over-the-counter (OTC) transactions and partnered with major crypto firms, including Galaxy Digital, FalconX, and Wintermute. Blockchain data shows that a wallet linked to Bybit, “0x2E45…1b77,” purchased 157,660 ETH for $437 million, while another, “0xd7CF…A995,” acquired 304,000 ETH through various trading platforms like Binance and MEXC.
Despite the attack, Bybit reassured users that its reserves remained stable. Zhou also confirmed that a proof-of-reserves report, using Merkle tree verification, will be released soon to demonstrate the exchange’s full asset backing.
Meanwhile, Lazarus Group has been moving the stolen funds across decentralized exchanges and privacy protocols to obscure their trail. Blockchain intelligence firm Elliptic tracked over $140 million converted into Bitcoin, making recovery efforts more challenging.
Bybit acknowledged industry partners such as Tether, Circle, and THORChain for freezing $42.89 million of the stolen assets. “Respect to their teams for their timely responses,” the exchange tweeted, recognising their role in blocking blacklisted addresses.
Credit: Decrypt (Text Excluding Headline)
