Last week, hackers stole around $1.4 billion in Ethereum cryptocurrency from crypto exchange Bybit, believed to be the largest crypto heist in history. Now, the company is offering a total of $140 million in bounties for anyone who can help trace and freeze the stolen funds.
Bybit’s CEO and co-founder Ben Zhou announced the bounty in a post on X on Tuesday.
On the official site of the bounty, Bybit explains that for every time someone traces and freezes some of the stolen funds, 5% of that amount goes to the person who found them, and 5% to the “entity” that froze said funds.
At the time of writing, thanks to five bounty hunters, Bybit has already awarded $4.23 million in bounties, according to the site, whose logo is a knife appearing to be stabbing through the head of North Korean leader Kim Jong-un.
Contact Us
Do you have more information about the Bybit hack, or other crypto heists? From a non-work device and network, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email. You also can contact TechCrunch via SecureDrop.
“We will not stop until Lazarus or bad actors in the industry is eliminated. In the future we will open it up to other victims of Lazarus as well,” Zhou wrote, referring to Lazarus Group, the name that the cybersecurity industry has assigned to a broad group of North Korean-backed hackers focused largely on cryptocurrency thefts.
Multiple security researchers and crypto security and monitoring firms believe the hackers behind the massive Bybit heist work for the North Korean government, which over the years has become very effective at targeting crypto exchanges and web3 companies, stealing $650 million in crypto in 2024 alone, according to the governments of the United States, Japan, and South Korea.
On Wednesday, Bybit’s Zhou published the preliminary results of the forensic investigation into the hack, led by two companies, Sygnia Labs and Verichains. Sygnia concluded that the “root cause” of the attack was malicious code coming from the infrastructure of SafeWallet, a crypto wallet platform. Verichains said a benign Javascript file was replaced with a malicious version “specifically targeting Ethereum Multisig Cold Wallet of Bybit.”
The two investigating security companies concluded that hackers breached a developer’s device at SafeWallet, as the company itself confirmed.
