Bybit CEO Ben Zhou Assures Full Recovery of $1.4 Billion in Stolen Ether

Ben Zhou Addresses Bybit Hack, Confirms Complete Asset Replenishment

A devastating cyberattack struck Bybit on February 21, 2025, marking the largest cryptocurrency exchange hack ever recorded. The Dubai-based trading platform lost $1.4 billion in digital assets, including liquid-staked Ether (stETH), Mantle Staked ETH (mETH), and other ERC-20 tokens. The exploit accounted for over 60% of all crypto funds stolen throughout 2024, underscoring the severity of the breach.

Blockchain security firms Lookonchain and Arkham Intelligence swiftly identified the infamous Lazarus Group, a North Korean state-sponsored hacking collective, as the likely perpetrators. The stolen assets were quickly fragmented across 50 separate wallets, each containing around 10,000 ETH, within two hours of the attack. In a Feb. 23 blog post, analysts from Elliptic suspect the hackers will attempt to launder the funds through crypto mixers such as Tornado Cash, a tactic frequently employed by cybercriminals to obscure transaction trails.

Bybit CEO Ben Zhou addressed the crisis on February 24, assuring users that the exchange had fully replenished the stolen $1.4 billion in Ether. The recovery effort involved securing 446,870 ETH—valued at $1.23 billion—through a combination of loans, whale deposits, and strategic purchases. Over-the-counter transactions with Galaxy Digital, FalconX, and Wintermute facilitated the acquisition of 157,660 ETH worth $437.8 million, while another $304 million was sourced from centralized and decentralized exchanges. 

Bybit’s total reserves now stand at $10.86 billion, according to DefiLlama data, with the platform planning to release a new audited proof-of-reserve (PoR) report verifying the 1:1 asset backing.

Before Ben Zhou’s announcement, the situation was complex. Withdrawals surged to $5.3 billion on February 22 as panic spread across the exchange, but PoR auditor Hacken confirmed that Bybit’s reserves remain solvent, ensuring user funds are fully backed. 

Meanwhile, an escalating dispute between Bybit and crypto exchange eXch has emerged. Bybit accused eXch of laundering over $30 million of the stolen funds and requested immediate asset freezes. eXch denied direct involvement, acknowledging that an “insignificant portion” of the hacked funds passed through its platform while refusing to comply with Bybit’s demands. The refusal stemmed from previous disputes over fund freezes that impacted eXch users.

Further investigations revealed a potential connection between the Bybit hack and a series of Solana memecoin scams. On-chain analyst ZachXBT uncovered evidence linking wallets associated with Pump.fun rug pulls to $1.08 million from the Bybit breach. These same addresses were previously tied to the $29 million Phemex hack in January 2025, raising concerns about Lazarus Group’s expanding cybercrime operations. 

Market reactions to the breach were swift. Ethereum’s price plummeted by over 7% within hours of the attack, sinking from $2,831 to $2,629 before partially recovering over the weekend, and starting to slump to $2,695 again, according to Coin360 data. 

Some community members floated the idea of rolling back the Ethereum blockchain to reverse the hack, drawing parallels to the 2016 DAO incident. Ethereum lead developer Tim Beiko dismissed the notion, citing insurmountable complications, including the decentralized network’s deep integration with DeFi protocols and cross-chain bridges. Beiko also pointed out that the hacker had already begun dispersing funds, rendering a rollback impractical.

Efforts to freeze the stolen assets remain ongoing, with Bybit successfully locking down $42 million through coordinated enforcement actions. However, the remaining $1.36 billion remains in motion, raising fears that much of it will vanish into untraceable cross-chain transactions, mixers, and peer-to-peer platforms. 

The Lazarus Group has a long history of laundering stolen cryptocurrency, having funneled over $200 million through similar methods between 2020 and 2023. As law enforcement agencies and cybersecurity firms intensify their tracking efforts, the broader crypto industry faces renewed scrutiny over its security infrastructure and resilience against increasingly sophisticated cyber threats.

It came as Infini, a Hong Kong-based stablecoin neobank, experienced a significant hack on February 24, 2025, resulting in a loss of approximately $49 million in USDC. Security analysts from Cyvers and Blocksec confirmed that the funds were drained from a smart contract after an attacker exploited compromised administrative privileges. The stolen USDC was transferred to a Tornado Cash-funded address and converted to ether. Infini's founder, Christian, stated that the exploit was not due to a private key leak and assured that impacted users would be compensated. 

This article has been refined and enhanced by ChatGPT.