
Bybit Hack: $140M Bounty Offered to Recover Stolen Crypto

February 26, 2025

Significant Ethereum Theft at Bybit Leads to $140 Million Bounty

A substantial breach occurred last week, with hackers successfully stealing approximately $1.4 billion in Ethereum cryptocurrency from the Bybit exchange. This incident is currently considered the largest cryptocurrency theft recorded to date.

Bounty Program Launched for Fund Recovery

In response, Bybit has announced a comprehensive bounty program totaling $140 million. This initiative aims to incentivize individuals to assist in tracing and freezing the misappropriated funds.

Ben Zhou, CEO and co-founder of Bybit, publicized the bounty details via a post on X (formerly Twitter) on Tuesday.

Bounty Structure and Initial Rewards

According to the official bounty program website, a 5% reward will be granted to anyone who successfully traces the stolen funds. An additional 5% will be awarded to the entity responsible for freezing those assets.

So far, Bybit has distributed $4.23 million in bounties to five individuals, as reported on the program’s website. The site’s logo features a striking image of a knife penetrating the head of North Korean leader Kim Jong-un.

Pursuit of Lazarus Group and Future Expansion

Ben Zhou stated a firm commitment to eliminating the threat posed by Lazarus Group, or other malicious actors within the cryptocurrency industry. He also indicated plans to extend the bounty program to assist other victims of Lazarus Group in the future.

Lazarus Group is a designation used by the cybersecurity community to identify a collective of North Korean-backed hackers who primarily focus on cryptocurrency thefts.

Attribution to North Korean Hackers

Numerous security researchers and crypto security firms suspect the perpetrators of the Bybit heist are affiliated with the North Korean government. Over the years, North Korea has demonstrated increasing proficiency in targeting crypto exchanges and web3 companies.

Government reports from the United States, Japan, and South Korea indicate that North Korean actors stole approximately $650 million in cryptocurrency in 2024 alone.

Forensic Investigation Findings

On Wednesday, Ben Zhou released preliminary findings from the forensic investigation into the hack. This investigation was conducted by Sygnia Labs and Verichains.

Sygnia Labs determined that the attack originated with malicious code that came from the infrastructure of SafeWallet, a cryptocurrency wallet platform.

Verichains reported that a legitimate JavaScript file was replaced with a malicious variant, specifically targeting Bybit’s Ethereum Multisig Cold Wallet.

Compromised Developer Device

Both security firms concluded that the hackers gained access through a compromised developer device at SafeWallet, a fact that SafeWallet has also confirmed.
