What impact will the theft of over 510,000 ETH from Bybit have on the market?


Source: Talking about Li and Talking about the Outside

Yesterday (February 21), during the day, some friends were still immersed in the joy of "the bull returning quickly," as Bitcoin rebounded to around $99,500 and Ethereum also bounced back to around $2,850. Let's not worry about whether yesterday's rebound was a trap; it seems that this market trend has given some partners hope again.

However… by the evening, the market faced a black swan event: the Bybit exchange was hacked, with over 510,000 ETH stolen (worth about $1.5 billion, including 401,347 ETH, 90,376 stETH, 15,000 cmETH, and 8,000 mETH).

We don't need to delve too deeply into the complex attack techniques; interested friends can look it up online. Here, we will simply explain it in layman's terms:

There is an exchange called Bybit, and their multi-signature cold wallet is managed and authorized by a few individuals, namely Zhang San, Li Si, and Wang Wu. Any transaction must be signed by all of them to be completed. So, the hacker used some special means to locate these individuals (which falls under social engineering attacks) and then implanted malware on their computers through some special methods. One day, the three individuals received a signature request for a transfer, showing that 500 ETH was to be transferred out. Zhang San saw that there was no problem with the operation interface, so he signed it as usual, and then Li Si and Wang Wu did the same. However, the signature interface they saw was forged by the hacker, so their combined signatures actually transferred 500,000 ETH to the hacker's wallet address.

After the Bybit attack incident occurred, various speculations emerged online. Some said it was an inside job, while others claimed it was the work of a North Korean hacker organization, and even some users from the PI community were spreading the word that they would take responsibility for the incident…

However, after analyzing the situation throughout the morning, it seems that professionals have largely determined that this attack was carried out by the North Korean hacker group Lazarus Group, using a method called blind signing, where the UI displayed to the user on the infected device differs from what actually happens in the background. The specific process is roughly as we described in layman's terms. Interested friends can also consider looking at the detailed report released by SlowMist for a more professional interpretation.
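The mismatch described above, where the signing interface shows one transfer while the bytes being signed encode another, is what an independent pre-signing check is meant to catch. The following is an added example, not code from this article, Bybit or SlowMist; the 52-byte payload format, the addresses and the `review_request` helper are constructed for illustration and are not Ethereum's real transaction encoding.

```python
from dataclasses import dataclass

WEI_PER_ETH = 10**18

@dataclass(frozen=True)
class Transfer:
    recipient: str    # 40 lowercase hex chars (constructed format)
    amount_wei: int

def encode_transfer(t: Transfer) -> bytes:
    # Toy wire format (assumption): 20-byte recipient || 32-byte big-endian wei.
    return bytes.fromhex(t.recipient) + t.amount_wei.to_bytes(32, "big")

def decode_transfer(raw: bytes) -> Transfer:
    if len(raw) != 52:
        raise ValueError(f"expected 52 bytes, got {len(raw)}")
    return Transfer(raw[:20].hex(), int.from_bytes(raw[20:], "big"))

def review_request(displayed: Transfer, raw: bytes, allowlist: set) -> list:
    """Compare what the UI claims against what the bytes to be signed encode.

    Meant to run on a device other than the one rendering the UI, since a
    compromised workstation controls its own display.
    """
    try:
        actual = decode_transfer(raw)
    except ValueError as exc:
        return [f"undecodable payload: {exc}"]
    findings = []
    if actual.recipient != displayed.recipient.lower():
        findings.append(f"recipient differs: payload pays {actual.recipient}")
    if actual.amount_wei != displayed.amount_wei:
        findings.append(
            f"amount differs: payload sends {actual.amount_wei / WEI_PER_ETH:g} ETH")
    if actual.recipient not in allowlist:
        findings.append("recipient is not on the pre-approved withdrawal list")
    return findings

# Constructed sample data: the UI shows 500 ETH to a known address.
KNOWN, UNKNOWN = "11" * 20, "ee" * 20
SHOWN = Transfer(KNOWN, 500 * WEI_PER_ETH)
HONEST = encode_transfer(SHOWN)
TAMPERED = encode_transfer(Transfer(UNKNOWN, 500_000 * WEI_PER_ETH))

if __name__ == "__main__":
    for name, raw in (("honest", HONEST), ("tampered", TAMPERED)):
        problems = review_request(SHOWN, raw, {KNOWN})
        print(name, "-> OK to sign" if not problems else f"-> REFUSE: {problems}")
```

The check only helps if the decoding runs somewhere the attacker's malware does not, such as a hardware signer or a separate, clean machine.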

The North Korean hacker organization Lazarus Group has been accused of multiple cyber attacks since 2010, including the Sony Pictures hack, the 2016 bank heist, the "WannaCry" ransomware attack, and several attacks targeting cryptocurrency and pharmaceutical companies. As shown in the image below.

Below are some attacks by the Lazarus Group in the cryptocurrency field:

  • In October 2024, Radiant Capital was hacked, resulting in the theft of $50 million in assets.
  • In July 2024, WazirX was hacked, resulting in the theft of $230 million in assets.
  • In 2023, Atomic was hacked, resulting in the theft of $100 million in assets.
  • In 2023, CoinEx was hacked, resulting in the theft of $70 million in assets.
  • In 2023, Stake was hacked, resulting in the theft of $41 million in assets.
  • In 2023, Poloniex was hacked, resulting in the theft of $120 million in assets.
  • In 2022, Ronin Bridge was hacked, resulting in the theft of $625 million in assets.
  • In 2022, Horizon Bridge was hacked, resulting in the theft of $100 million in assets.

And so on…

It can also be seen that this Bybit hack is the largest theft incident in history. Although this black swan event is quite significant, it seems that it hasn't caused a heavy blow to the overall market. As of the time of writing, Bitcoin's price remains around $96,000, and Ethereum's price stays around $2,700. There were only some minor incidents during this period, such as:

  • MNT (Bybit's token) dropped 10% within minutes, as shown in the image below.

  • USDe de-pegged by 5%, but quickly rebounded. This also indirectly caused ENA to drop and then rise, with a direct increase of about 10% today. This might also be due to Ethena's timely public relations efforts, as shown in the image below.

Looking back at the situation over the past ten hours, Bybit's public relations handling has been quite good. For instance, within 30 minutes of the incident, Bybit's CEO responded on the X platform, and within the next 10 minutes, Bybit's official account also released an official statement. The CEO even held a live stream to answer some community questions. This speed and attitude in handling the situation have been quite helpful in stabilizing market sentiment temporarily.

However, the internet is still filled with various messages and speculations. My suggestion is that everyone should at least remain calm and avoid clicking on random links to prevent phishing. I have noticed that some people have started to promote scam wallets using this hot topic, luring users to download them under the guise of protecting their assets. If you are concerned about the safety of your assets, you might consider temporarily transferring them to larger exchanges like Binance or OKX.

Since the hackers are from North Korea, the probability of recovering the stolen assets is quite low. This loss will likely have to be borne by Bybit itself. As for how they will bear it, whether Bybit will purchase ETH to fill this gap, these unknown issues can be followed in Bybit's latest official announcements.

As for the impact of this incident on the market moving forward, some KOLs say it will lead the market directly into a bear market, while others say Bybit is the next FTX. Personally, I am not that pessimistic, and I see it in a few different scenarios:

1) If Bybit can continue to handle public relations perfectly and manage this situation well, especially addressing user withdrawal issues, then after a few months of recovery, they should be able to regain their vitality. However, after this incident, they will likely lose quite a few customers, and it remains to be seen whether other exchanges will take advantage of this situation to poach clients. Although the big shots from other exchanges also voiced their support on the X platform today, they will still prioritize their own interests.

2) If Bybit fails to handle this situation well in the next two weeks or triggers some new negative chain reactions, market sentiment may face a new shock, and further corrections in ETH cannot be ruled out. If ETH continues to experience a large-scale correction, then altcoins will likely be further bloodied.

Moving forward, a favorable scenario for the market would be (this is just a fantasy): Bybit purchases ETH to fill the gap, and the North Korean hackers use special methods to convert ETH into BTC (not directly converting to USDT to avoid being frozen by Tether), which could offset each other and stabilize ETH's current trend while further stimulating BTC's short-term performance. Then, the hackers who obtain BTC might take years or even longer to slowly cash out through special channels, as according to Lazarus Group's historical methods and habits, they seem to be in no rush to quickly liquidate stolen assets (for example, this organization still holds stolen assets worth tens of millions of dollars from 2016 without selling them).

Currently, it seems to be a process of multi-party contention, and we can only wait and see. Below is the aggregated wallet address of the hackers; interested friends can also observe the movement of the stolen funds. As shown in the image below.

Security issues are a long-term challenge, and I hope Bybit can truly take responsibility for its mistakes rather than directly passing them on to retail investors (its own customers).
