Original | Odaily Planet Daily (@OdailyChina)
Author | Wenser (@wenser2010)
The incident last weekend involving "Bybit being hacked for over $1.5 billion and more than 500,000 ETH-related assets" nearly became "another FTX moment" for the crypto industry.
Fortunately, thanks to Bybit's official swift and effective post-incident handling, the support from various sectors of the crypto industry, and the strong backing from security teams, this "largest theft in history" has been largely brought under control. However, the subsequent movements of the Lazarus Group hackers' funds, Bybit's further actions, and the recovery of the stolen funds continue to concern those in the crypto industry. After all, such a large amount of ETH has a significant impact on market conditions.
Odaily Planet Daily will summarize the latest developments of the incident in this article for readers' reference.
For background, see “Bull Market Black Swan: Bybit Hacked for Over $1.5 Billion, 514,000 ETH Dumped on the Market?”.
Key data on Bybit hack: Losses exceed $1.5 billion, hackers have sold 57,000 ETH, worth $142 million
Currently, there is some disagreement in the market regarding the specific amount involved in the Bybit hack, partly due to the stolen assets including native ETH and derivative assets, which have experienced some price fluctuations. According to the initial announcement released by Bybit, the loss is over $1.5 billion.
Bybit Loss Amount: Total value exceeds $1.5 billion, including over 510,000 ETH and derivative assets
Previously, The Wall Street Journal cited the view of security firm CertiK, stating that this Bybit hack is the largest single theft in crypto history, with the stolen assets valued at over $1.4 billion.
According to monitoring statistics from security firm Beosin Trace, a total of 514,723 ETH and derivative assets were stolen, including:
401,347 ETH, worth $1.12 billion;
90,376 stETH, worth $253.16 million;
15,000 cmETH, worth $44.13 million;
8,000 mETH, worth $23 million.
Additionally, according to the hacker incident panel on the DefiLlama website, the Bybit hack, with over $1.4 billion in stolen assets, is the largest security incident in cryptocurrency history, accounting for about 14% of the total stolen amount in all security incidents in cryptocurrency history. The panel data shows that the total amount stolen in cryptocurrency history exceeds $10.62 billion, with DeFi-related stolen assets reaching $6.31 billion, and stolen assets from various bridging projects amounting to $2.87 billion.
DefiLlama panel
Latest Developments: Hackers have sold 57,000 ETH, remaining assets still amount to $1.26 billion
According to on-chain analyst Yu Jin's monitoring, the Bybit hacker has now sold 50,700 ETH ($142 million) in exchange for DAI and other on-chain assets (such as BTC).
They still hold 448,600 ETH ($1.26 billion).
Additionally, there are still 15,000 cmETH (worth $43 million) that were promptly handled by the mETH Protocol officials, and the funds have been recovered, which has also been confirmed by mETH Protocol official personnel.
Hacker Money Laundering Channels: Mixers, Cross-Chain Bridges, and Even Meme Coins
It is worth noting that after the Bybit hack, the Lazarus Group has adopted more diverse methods to launder the stolen funds: in addition to the previously mentioned conventional methods of using mixers and cross-chain bridge protocols like Chainflip, THORChain, LiFi, DLN, and eXch to convert ETH assets into BTC and other assets, the hackers have also chosen to issue Meme coins as a laundering avenue.
On-chain data shows that the Bybit attackers transferred SOL tokens to a certain address and then launched a Meme coin, which currently has a market value of about $2.2 million and a trading volume of about $26 million, but with low liquidity, warning community users to be cautious in their interactions.
Additionally, according to ZachXBT's disclosure, the attackers received $1.08 million from the Bybit hack through the address "0x363908…d7d1," and later transferred USDC across chains to the Solana chain. The address "EFmgz8…dq2P" transferred all USDC on the Solana chain to two addresses on the BSC chain. These two BSC addresses programmatically dispersed the USDC to over 30 addresses, ultimately consolidating to the address "0x0be9…5a3," where the money launderers exchanged the SOL obtained for meme coins.
Bybit's official response: Raised 254,800 ETH, launched a 10% hacker bounty program
Following the incident, Bybit's further handling has also been commendable, specifically divided into the following three aspects:
ETH Reserves: 446,800 ETH raised, worth $1.23 billion
Bybit or its affiliated addresses (0x2E4…b77) purchased a total of 157,600 ETH (worth $441 million) through three brokers: Galaxy Digital, FalconX, and Wintermute over the past two days, which were then transferred to Bybit.
According to Spot On Chain monitoring, Bybit raised 254,830 ETH ($693 million) within 48 hours after the hack, including:
132,178 ETH ($367 million), possibly obtained through OTC transactions with Galaxy Digital, FalconX, and Wintermute;
122,652 ETH ($326 million), from loans from trading platforms/institutions such as Bitget, MEXC, Binance, and DWF Labs (which may also be personal borrowing by certain whales).
According to LookonChain monitoring, since the attack, Bybit has cumulatively obtained 446,870 ETH through loans, whale deposits, and purchases, valued at approximately $1.23 billion.
In the latest news, Bybit CEO Ben Zhou stated, "Bybit has fully filled the ETH gap, and a new audit POR (Proof of Reserves) report will be released soon."
Cumulatively raised over 440,000 ETH, worth $1.226 billion
Fund Freezing and Recovery: $42.89 million frozen within 24 hours
On the evening of February 23, around 11 PM, Bybit officially announced that through multi-party coordination efforts, they successfully froze $42.89 million of the stolen funds within a day.
The assisting institutions and specific amounts are as follows:
Tether - blacklisted related addresses and froze 182,000 USDT;
THORChain - blacklisted and marked related addresses;
ChangeNOW - froze 34 ETH;
FixedFloat - froze $120,000 in USDC and USDT;
Avax - froze 0.38755 BTC;
CoinEx - blacklisted related addresses and provided key assistance;
Bitget - blacklisted related addresses and froze 84 USDT;
Circle - assisted in connecting and providing key clues, etc.
Bounty Program: Offering a 10% reward for recovered funds, totaling over $140 million
On February 22, the day after the theft incident, Bybit officially stated, "As part of the investigation and recovery efforts, Bybit commits to offering 10% of the recovered funds as a reward to ethical networks and cybersecurity experts who actively help recover the stolen cryptocurrency during the incident."
Subsequently, Bybit officially confirmed this bounty and updated the hacker wallet address blacklist API plan. It is understood that this API will assist various project parties and security experts in efficiently tracking and recovering stolen funds under time constraints. This list of suspicious addresses was compiled within three days after the hacker attack by industry white hat hackers and investigators, and Bybit has received thousands of leads from industry peers so far. Bybit will provide a 10% bounty reward for contributors who successfully intercept and recover funds.
In addition, Bybit is developing the HackBounty platform and will announce it at an appropriate time. This platform aims to empower the entire industry to jointly track the hackers' actions and encourage all security experts to keep an eye on the latest developments of this innovative program. Bybit will also continuously update the blacklist to help partners intercept illegal fund flows.
Furthermore, these advancements are inseparable from the Bybit team, especially the close communication and collaboration between co-founder and CEO Ben Zhou and the outside world, particularly in reaching out for help. This is also why the industry did not experience a new round of market decline after Bybit was hacked for over $1.5 billion.
Possible Future: Some are pessimistic, some are optimistic, and some believe it will be a protracted battle
After the Bybit hack incident, opinions in the market regarding the future of the crypto industry, especially the subsequent direction of ETH, have diverged. Representative viewpoints are as follows:
Optimists: Zhu Su believes ETH will reach an all-time high
Previously, Zhu Su stated that a large number of traders opened short positions amid the panic over the theft of Bybit's ETH assets, and now ETH finally has a narrative for reaching an all-time high (i.e., short squeeze).
Pessimists: Santiment believes the market has become overly fearful
Santiment previously stated that the Bybit hack has caused a shock in the crypto space, coupled with concerning news this week regarding LIBRA and other contributing factors. As Bitcoin plummeted, the crowd exhibited extreme fear. According to sentiment scores, the negative sentiment in the crypto community is similar to the situation before the price rebound on February 17 and 18. While nothing is certain, and a major exchange hack can have a lasting impact on the crowd's perception, it is important to remember that the market almost always moves in the opposite direction of retail traders' expectations.
BTC price short-term low at $91,500
Protracted Battle Prototype: The Lazarus Group's disposal process will last for years
As the hacker organization behind the Bybit theft, the Lazarus Group has always received significant attention. Chainalysis previously released a report on the organization's "disposal" of stolen funds. Generally, the Lazarus Group follows a three-step process to "dispose" of the stolen funds: the first step is to convert all ERC20 tokens (including liquidity derivative tokens like stETH) into ETH; the second step is to convert ETH into BTC; the third step is to gradually cash out BTC into fiat currency through Asian exchanges. The entire process may take years.
Conclusion: Ethereum will not roll back, Bybit needs time to recover
Previously, Coinbase executive Conor Grogan stated that the Bybit hacker, holding nearly 500,000 ETH, has become the 14th largest ETH holder globally, accounting for 0.42% of Ethereum's total supply, surpassing Fidelity and Vitalik's Ethereum holdings, and is more than twice the Ethereum Foundation's ETH holdings. Despite this, Vitalik and the Ethereum Foundation have not yet commented on the matter, although Arthur Hayes and DWF Labs partner Andrei Grachev have expressed curiosity about it.
However, times have changed, and Ethereum can no longer return to the moment of The DAO hard fork; a rollback is no longer possible. After all, in just three days, the transaction volume in the Ethereum ecosystem has reached hundreds of millions. What remains for Bybit is the need for a short-term capital fill and the recovery of stolen funds, as well as good operations over a longer period to restore user trust and fill the funding gap.
The future remains bright; although the process may involve growing pains, it is a necessary path for growth.
免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。
