Bybit, a leading cryptocurrency exchange, has called on top cybersecurity experts to assist in recovering $1.5 billion (£1.2 billion) stolen in what is believed to be the largest single digital theft in history. The Dubai-based platform revealed that an attacker gained access to an Ethereum wallet and transferred the funds to an unknown destination.
Despite the breach, Bybit has assured its customers that their assets remain secure. Co-founder and CEO Ben Zhou took to social media to confirm that all affected users would be fully refunded, even if the stolen funds were not recovered. He emphasized that the company remains financially solvent, with $20 billion in customer assets, and is prepared to cover any losses through internal funds or loans from partners.
Bybit, which ranks as the world’s second-largest cryptocurrency exchange by trading volume and serves over 60 million users, has experienced a surge in withdrawal requests following the attack. According to Zhou, more than 350,000 withdrawal requests were submitted, leading to possible processing delays.
The breach occurred during a routine transfer of Ethereum from a secure offline “cold” wallet to a “warm” wallet used for daily trading. Exploiting security controls, the attacker managed to transfer the funds while other wallets remained unaffected. The incident briefly caused Ethereum’s price to drop by nearly 4%, though it has since rebounded.
In an effort to recover the stolen assets, Bybit is offering a 10% reward for any retrieved funds, potentially amounting to $140 million. The company has pledged to enhance its security infrastructure, improve liquidity, and maintain its commitment to the crypto community.
The attack represents a setback for the cryptocurrency industry, which has been experiencing renewed optimism following Donald Trump’s return to the White House and his pro-crypto stance. Although the identity of the hacker remains unknown, speculation has arisen that North Korean state-sponsored cybercriminals, such as the Lazarus Group, may be involved. The group has been linked to previous large-scale thefts, including the $615 million hack of the Ronin blockchain project in 2022.
Bybit’s response to the crisis will be closely watched as the company works to restore trust and reinforce security in the evolving crypto landscape.