Bybit Exchange Secures 254,830 ETH Through OTC Deals After $1.4B Hack
TLDR
- Bybit recovered nearly 100% of lost Ethereum (254,830 ETH) within 48 hours through OTC deals and loans after a $1.4B hack
- The exchange secured ETH through deals with Galaxy Digital, FalconX, Wintermute, and loans from Bitget, MEXC, Binance, and DWF Labs
- The hacker still holds 458,451 ETH ($1.29B), having laundered 40,944 ETH ($115M) into Bitcoin and other assets
- A joint industry effort has frozen $43M of stolen funds within two days
- Bybit launched a Recovery Bounty Program offering 10% rewards on recovered assets, up to $140M
In a swift response to one of the largest cryptocurrency exchange hacks in history, Bybit has recovered nearly $700 million worth of Ethereum within 48 hours of the security breach. The exchange secured 254,830 ETH through a combination of over-the-counter (OTC) deals and institutional loans, demonstrating the crypto industry’s ability to respond rapidly to security incidents.
The recovery effort began immediately after hackers exploited Bybit’s multisig cold wallet using a masked URL trick to manipulate contract logic, resulting in the theft of over 401,000 ETH, valued at approximately $1.4 billion. According to blockchain analytics firm Lookonchain, Bybit purchased 266,700 ETH worth $742 million across two days to address the shortage.
It seems that #Bybit has bought 266,694 $ETH($742M) after being hacked.
0x2E45…1b77(related to #Bybit) bought 157,660 $ETH($437.82M) from Galaxy Digital, FalconX, Wintermute via OTC.
0xd7CF…A995(likely related to #Bybit) bought 109,033 $ETH($304.12M) from DEXs and CEXs.… pic.twitter.com/8FfGZo18OU
— Lookonchain (@lookonchain) February 24, 2025
The exchange’s recovery strategy involved multiple channels. Data from SpotOnChain reveals that 132,178 ETH, worth $367 million, was obtained through OTC deals with major crypto firms including Galaxy Digital, FalconX, and Wintermute. These transactions were initiated through a wallet identified as “0x2E45…1b77,” which made its first transaction on February 22 at 4:44 PM UTC.
Additional funds came through institutional loans, with Bybit securing 122,652 ETH (valued at $326 million) from various exchanges and institutions. These lenders included Bitget, MEXC, Binance, and DWF Labs, showing broad industry support for the recovery effort.
A second wallet, “0xd7CF…A995,” participated in a $304 million Ethereum purchase conducted through both centralized and decentralized exchanges. While not officially confirmed as belonging to Bybit, blockchain intelligence firms Lookonchain and Arkham Intelligence have identified transaction patterns linking the wallet to the exchange.
Ben Zhou, CEO and co-founder of Bybit, confirmed the exchange’s return to normal operations. “Bybit has already fully closed the ETH gap,” Zhou stated, announcing that a new audited Proof of Reserves report would soon demonstrate the exchange’s restoration of 100% 1:1 client asset backing through merkle tree verification.
Latest Update: Bybit has already fully closed the ETH gap, new audited POR report will be published very soon to show that Bybit is again Back to 100% 1:1 on client assets through merkle tree, Stay tuned. https://t.co/QLa1vOujM6
— Ben Zhou (@benbybit) February 24, 2025
The Recovery Unfolds
The hacker responsible for the breach has begun moving the stolen funds across multiple wallets. Of the total amount stolen, 40,944 ETH ($115 million) has been laundered into Bitcoin and other assets using various platforms including Chainflip, THORChain, LiFi, DLN, and eXch. However, the majority of the stolen funds—458,451 ETH ($1.29 billion), representing 91.7% of the total—remains in the hacker’s possession.
In response to the ongoing threat, a coordinated effort between major blockchain entities has successfully frozen $42.89 million of the stolen funds within just one day. Platforms including Tether, THORChain, Avalanche, CoinEx, Bitget, and Circle have collaborated to identify and block blacklisted addresses, limiting the attacker’s ability to launder the stolen cryptocurrency.
A coordinated effort led to the freezing of $42.89M in just one day. Thanks to the following teams for their swift action: @Tether_to: Flagged address and froze 181K USDT @THORChain: Blocked the blacklist @ChangeNOW_io: Froze 34 ETH @FixedFloat: Froze 120K USDC + USDT…
— Bybit (@Bybit_Official) February 23, 2025
To incentivize the recovery of remaining funds, Bybit has launched a Recovery Bounty Program. The program offers a 10% reward on any recovered assets, with the potential for rewards reaching $140 million if the full amount is successfully retrieved.
Lookonchain data indicates that Bybit has received approximately 446,870 ETH, roughly $1.23 billion, from whale deposits, loans, and ETH purchases since the hack occurred. These funds have helped stabilize the exchange’s operations and maintain its ability to serve users.
The hack was executed through a sophisticated attack involving a masked URL trick that compromised the exchange’s multisig cold wallet. This security breach ranks among the largest in cryptocurrency exchange history, highlighting the ongoing challenges faced by digital asset platforms in securing user funds.
Despite the scale of the attack, Bybit has maintained its financial stability throughout the incident. CEO Ben Zhou has assured users that their funds remain secure, emphasizing the exchange’s commitment to protecting client assets.
The recovery effort continues as industry participants work together to track and freeze additional stolen funds. The collaboration between major crypto platforms demonstrates the sector’s ability to respond collectively to security threats.
As of February 24, 2025, Bybit’s recovery efforts remain ongoing, with the exchange working closely with industry partners to identify and secure any remaining stolen assets through its bounty program and continued monitoring of blockchain transactions.
The post Bybit Exchange Secures 254,830 ETH Through OTC Deals After $1.4B Hack appeared first on Blockonomi.
