Bybit restores Ethereum reserves following $1.4B breach, launches $140M bounty program

Bybit CEO Ben Zhou confirmed that the exchange restored Ethereum (ETH) reserves following the recent $1.4 billion security breach.

In a Feb. 24 post on X, Zhou announced that Bybit will soon release an updated proof-of-reserves report demonstrating that it now holds client assets 1:1.

He stated:

“Bybit has already fully closed the ETH gap, new audited POR report will be published very soon to show that Bybit is again Back to 100% 1:1 on client assets through merkle tree.”

Zhou’s statement confirmed a report from blockchain analytics firm Lookonchain. The firm stated that Bybit replenished its reserves through over-the-counter (OTC) purchases, whale deposits, and loans from major crypto platforms, including Binance, Bitget, and HTX.

Lookonchain said the embattled exchange purchased 157,660 ETH worth roughly $437.8 million from investment firms such as FalconX and Wintermute via OTC transactions.

Additionally, it acquired another $304 million in ETH from centralized and decentralized exchanges.

Fund recovery efforts

While the exchange might have closed its platform’s ETH gap, it has stepped up its recovery efforts by initiating a 10% bounty program and freezing some stolen funds.

On Feb. 22, the crypto trading platform launched a bounty program that encouraged ethical hackers and cybersecurity experts to assist in the recovery process.

The exchange has pledged a reward of up to 10% of the recovered funds, potentially offering as much as $140 million if the full amount is reclaimed.

Zhou said:

“Bybit launched a bounty program on February 22, encouraging ethical hackers and cybersecurity experts to assist in the recovery process. The exchange has pledged a reward of up to 10% of the recovered funds, potentially offering as much as $140 million if the full amount is reclaimed.”

Meanwhile, Bybit has also collaborated with various crypto platforms to freeze and recover stolen assets.

So far, the exchange has successfully frozen approximately $43 million through partnerships with entities such as Tether, ThorChain, Bitget, ChangeNow, Fixed Float, Avalanche, Circle, and CoinEx.

Bybit added:

“Through swift action and effective coordination, the mETH Protocol team successfully recovered 15,000 cmETH tokens worth approximately $43 million”

Laundering techniques

However, despite these recovery efforts, the attackers have already begun laundering the stolen funds.

Blockchain forensics firm Elliptic noted that the laundering methods closely resemble techniques used by the Lazarus Group, a notorious cybercriminal organization.

According to the firm, the hackers immediately converted stolen tokens into ETH through decentralized exchanges (DEXs) to evade asset freezing. This move helped bypass restrictions that issuers might impose on specific tokens.

Within two hours of the attack, funds were spread across 50 wallets, each holding about 10,000 ETH. These wallets are now being systematically emptied, with at least 10% of the stolen assets already in motion.

Elliptic continued that the attackers have also started converting ETH into Bitcoin using various trading services.

If past laundering patterns persist, the attackers will likely employ mixers such as Tornado Cash to conceal their activities further. However, the sheer volume of stolen assets may complicate this process.

Meanwhile, on-chain investigator ZachXBT also discovered that the attackers attempted to launder funds using memecoins on Solana’s Pump.Fun platform.

The blockchain sleuth noted that one of the exploited wallets transferred 60 SOL to another address to create a token named QinShihuang, which saw over $26 million in trading volume.

The Solana Foundation and Pump.Fun responded by blocking and removing the token, preventing the attackers from cashing out further. Bybit applauded the swift action, highlighting the importance of community-driven security measures in crypto.

The post Bybit restores Ethereum reserves following $1.4B breach, launches $140M bounty program appeared first on CryptoSlate.

This article was originally published on Bitcoin Magazine.