Abdelrahman
In a significant security breach last week, Bybit, a prominent cryptocurrency exchange, lost an estimated $1.4 billion in Ethereum to hackers, marking one of the largest crypto thefts on record. In response, the exchange is now offering $140 million in rewards to individuals who assist in tracking and securing the stolen funds.
Ben Zhou, the CEO and co-founder of Bybit, shared details of the bounty through a post on X this past Tuesday.
On the official bounty announcement page, Bybit clarifies that whenever someone successfully traces and freezes a portion of the stolen assets, 5% of that amount will be rewarded to the finder and another 5% to the entity that implemented the freeze.
As of now, Bybit has already distributed $4.23 million in rewards to five bounty hunters, according to the information on their site, which prominently features a logo depicting a knife appearing to penetrate the head of North Korean leader Kim Jong-un.
Contact Us
If you have additional information regarding the Bybit hack or other cryptocurrency thefts, please reach out to Lorenzo Franceschi-Bicchierai securely via Signal at +1 917 257 1382 from a personal device and network, or connect with him on Telegram and Keybase @lorenzofb, or email. You can also send tips to TechCrunch through SecureDrop.
Zhou expressed a firm resolve stating, “We will not rest until we eliminate Lazarus or any other malicious entities in this field. In the future, we plan to extend the bounty to aid other victims affected by Lazarus,” referring to the Lazarus Group, a network of hackers aligned with North Korea, primarily targeting cryptocurrency assets.
Numerous security analysts and cryptocurrency monitoring agencies suspect that the attackers behind the Bybit heist are linked to the North Korean government, which has increasingly refined its strategies for targeting crypto exchanges and web3 organizations, having reportedly stolen $650 million in cryptocurrency in 2024 alone, according to U.S., Japanese, and South Korean officials.
On Wednesday, Zhou published preliminary findings from an investigative analysis of the breach, conducted by Sygnia Labs and Verichains. The investigation revealed that the attack originated from malicious code infiltrating SafeWallet, a crypto wallet platform. Verichains noted that a harmless JavaScript file had been substituted with a harmful version specifically aimed at Bybit’s Ethereum Multisig Cold Wallet.
Both security firms concluded that the hackers gained access through a developer’s device at SafeWallet, a fact that has been confirmed by the company.
