Bybit CEO Addresses ETH Shortfall

Summary 

  • Bybit CEO Ben Zhou said the exchange filled the gap in its ETH reserves after a $1.4 billion exploit.
  • The exchange plans to release an audited proof of reserves report to verify that Bybit has restored its client assets on a one-to-one basis.
  • The attackers injected fraudulent code into the transaction that the signers unknowingly approved.

Bybit co-founder and CEO Ben Zhou confirmed that the exchange has replenished its ETH reserves after a $1.4 billion exploit last week and plans to release an audited proof of reserves (POR) report to verify this.

“Bybit has fully closed the ETH gap; an audited POR report will be published soon to confirm that Bybit is back to 100% 1:1 on client assets using a Merkle tree,” Zhou stated. According to on-chain data from Lookonchain, Bybit appears to have addressed the shortfall with loans, whale deposits, and ETH purchases.

On February 21, Bybit experienced a significant attack, resulting in the theft of over 400,000 ETH. The attackers exploited a standard multi-signature approval process by presenting a fake UI to mask a malicious smart contract, leading to a $1.4 billion heist.

This breach marked the largest crypto hack in history, depleting a large portion of Bybit’s ETH reserves and raising concerns about the exchange’s liquidity and its ability to fulfill user withdrawal demands. To stabilize operations, Bybit quickly secured emergency liquidity through short-term bridge loans from crypto industry partners, as described by CEO Ben Zhou.

These loans are designed to cover the stolen ETH, ensuring Bybit has the necessary funds to handle a surge in withdrawal requests and prevent a potential collapse similar to a bank run. Additionally, the exchange seems to have replenished its reserves by purchasing large amounts of ETH through OTC transactions.

Zhou had earlier reassured users that Bybit remained solvent, stating that the exchange’s treasury and retained earnings were enough to cover the loss from the exploit, even if the stolen funds were not recovered, and that client assets were secured. With the replenished ETH reserves, Bybit is expected to process all withdrawal requests without issue.

The $1.4 billion attack on Bybit targeted the exchange’s multi-signature (multisig) cold wallet, which requires multiple approvals for transactions. In this case, the wallet was conducting a routine transfer to a warm wallet (used for operational liquidity). During the process, attackers, believed to be the North Korean Lazarus Group, manipulated the transaction, deceiving both the system and its human operators.

The attackers used a method described by Zhou as a “masked” transaction, altering the user interface (UI) that wallet signers interacted with. The UI displayed a legitimate destination address, while the underlying smart contract was secretly altered. The attackers injected fraudulent code, which the signers unknowingly approved. Instead of transferring the funds to the warm wallet as intended, the altered smart contract redirected control of the cold wallet’s assets (around 401,347 ETH, along with related tokens like liquid-staked ETH (stETH) and Mantle Staked ETH (mETH)) to an address controlled by the hackers.
