Bybit CEO Ben Zhou confirmed in a Friday livestream that the $1.5 billion hack against his crypto exchange lost the firm the vast majority of its customers’ ETH holdings.

“I believe it was around seventy percent,” Zhou told viewers, when asked how much was lost relative to the company’s ETH assets under management. “We normally keep sixty to seventy prevent in the cold wallets, and I believe this was the amount.”

What Caused The Hack?

The breach, first flagged by on-chain sleuth ZachXBT and other high profile accounts on Friday, saw over 400,000 Ether suspiciously leave Bybit’s cold wallet address, before rapidly being swapped its staked mETH and stETH tokens for ETH.

Security experts at Cyvers told CryptoPotato that the hackers tricked those controlling the keys to Bybit’s cold wallet into signing a malicious transaction which, from the signers’ perspectives, looked honest at the time. Jack Sanford, CEO of Sherlock DeFi, had similar findings, said the transaction would have changed the rules of the multisig wallet’s smart contract to bend to the hackers’ wishes.



Exact details on how the signers were fooled remain unknown. “The UI itself could have been compromised, [or] Each of these honest people could have had their actual computer compromised,” wrote Sanford.

ZachXBT, a popular on-chain detective for large crypto hacks, submitted “definitive proof” on Friday that the hack was pulled off by the North Korean “Lazarus Group,” according to Arkham Intelligence. Lazarus are the most notorious hackers in the world, attacking several major crypto exchanges in the past.

“TLDR myself and Josh from CF connected the Bybit hack on-chain to the Phemex hack,” said ZachXBT in response.

Can Bybit Cover The Loss?

Despite the seismic loss, Zhou assured followers in a tweet that all client losses remained covered by the exchange. “All client assets are 1:1 backed—we can cover the loss.”



Zhou added during the stream that the exchange is reaching out to its partners in search of a “bridge loan” to support its liquidity needs as it processes “massive withdrawals” in the short term.

“We actually already secured almost 80% of the Ethereum that’s been stolen as a bridge loan, to help us with the liquidity crunch.”

So far, Zhou has resisted the idea of pausing exchange withdrawals. Binance co-founder Changpeng Zhao suggested that Bybit do so as a precaution – even if it spurs more fear in the market – offering his own aid if required.

“1.5 billion is fear enough,” he said. “Better to be safe than sorry now.”

More lightheartedly, BitMEX co-founder Arthur Hayes called on Ethereum co-founder Vitalik Buterin to “roll back the chain” to support Bybit – an action Ethereum leaders coordinated ten years ago in response to the DAO hack.