In an unprecedented move, cryptocurrency exchange Bybit has announced a $140 million bounty program aimed at recovering over $1.4 billion in digital assets stolen during a recent cyberattack. This initiative underscores the exchange’s commitment to security and its proactive approach to combating cybercrime in the crypto industry.
On February 21, 2025, Bybit suffered a significant security breach, resulting in the theft of approximately 400,000 Ethereum (ETH) and other related tokens, valued at over $1.4 billion. This incident is considered the largest cryptocurrency theft to date. The hackers exploited vulnerabilities during a routine transfer from Bybit’s cold wallet to a warm wallet, manipulating the transaction to divert funds to an unauthorized address.
The Federal Bureau of Investigation (FBI) has attributed the attack to North Korea’s Lazarus Group, a state-sponsored hacking organization known for its involvement in previous cybercrimes targeting the crypto sector. The stolen assets are believed to be laundered through various blockchain networks to obscure their origins.
In response to the heist, Bybit launched a bounty program on February 22, 2025, offering up to 10% of any recovered funds to individuals or entities that assist in tracing and freezing the stolen assets. This means that successful contributors could earn a share of up to $140 million, making it one of the most substantial bounties in the crypto industry’s history.
Bybit CEO Ben Zhou emphasized the importance of community collaboration in combating cyber threats. “Within 24 hours of the event, we were overwhelmed with support from some of the best people and organizations in the industry,” Zhou stated. “We have shared in a dark moment of crypto history, and we’ve proven we are better than the malicious actors.”
Since the launch of the bounty program, Bybit has reported significant progress in recovering the stolen funds. As of the latest updates, approximately $42.89 million worth of assets have been frozen, thanks to the efforts of cybersecurity experts and blockchain analysts.
Notably, on-chain investigator ZachXBT played a crucial role in identifying the Lazarus Group’s involvement in the hack. His analysis traced the movement of the stolen funds across multiple blockchain addresses, leading to the freezing of a portion of the assets. For his contributions, ZachXBT was awarded a 50,000 ARKM bounty.
In addition to the bounty program, Bybit has taken steps to enhance its security infrastructure to prevent future breaches. The exchange has implemented stricter protocols for fund transfers between wallets, increased the frequency of smart contract audits, and partnered with blockchain analytics firms to monitor suspicious activities.
Bybit has also assured its users that customer assets remain secure and that the exchange maintains a 1:1 reserve ratio. Despite the scale of the theft, Bybit’s financial stability has allowed it to process over 350,000 withdrawal requests since the incident, demonstrating its resilience in the face of adversity.
The Bybit hack has sent shockwaves through the cryptocurrency industry, highlighting the persistent threat of cyberattacks and the need for robust security measures. It also underscores the importance of collaboration between exchanges, cybersecurity experts, and law enforcement agencies in addressing such threats.
The FBI’s attribution of the attack to North Korea’s Lazarus Group has raised concerns about the role of state-sponsored actors in targeting the crypto sector. The stolen funds are believed to support North Korea’s sanctioned nuclear and ballistic missile programs, adding a geopolitical dimension to the cybercrime.
Bybit’s $140 million bounty program represents a significant step in the ongoing battle against cybercrime in the cryptocurrency industry. By incentivizing the global community to assist in recovering stolen assets, Bybit not only aims to mitigate the impact of the recent heist but also sets a precedent for proactive and collaborative responses to such incidents.
As the investigation continues and more assets are potentially recovered, the success of this initiative could serve as a model for other exchanges facing similar threats. It also reinforces the importance of transparency, resilience, and community engagement in building a secure and trustworthy crypto ecosystem.