In an extraordinary move to recover from one of the largest cryptocurrency heists in history, Bybit has successfully covered its $1.46 billion loss through a mix of loans, large investor deposits, and aggressive Ethereum (ETH) purchases.
In an X post on Monday, blockchain analytics firm Lookonchain revealed that Bybit secured a total of 446,870 ETH—valued at approximately $1.23 billion—from multiple sources, including large over-the-counter (OTC) purchases and institutional support.
The crypto exchange, which suffered the devastating hack earlier this month, has reassured users that it is now financially stable, but the incident has reignited concerns over the security of centralized platforms in the digital asset space.
Register for Tekedia Mini-MBA edition 17 (June 9 – Sept 6, 2025) today for early bird discounts. Do annual for access to Blucera.com.
Tekedia AI in Business Masterclass opens registrations.
Join Tekedia Capital Syndicate and co-invest in great global startups.
Register to become a better CEO or Director with Tekedia CEO & Director Program.
The Hack That Shook the Crypto World
The attack on Bybit was executed with precision, leaving the exchange scrambling to secure its reserves. On February 10, 2025, the hackers successfully infiltrated Bybit’s multisignature cold storage system, which was meant to provide an additional layer of security by requiring multiple approvals for transactions. Despite these safeguards, the attackers managed to breach the system, transferring nearly $1.4 billion in assets to wallets linked to known cybercriminal networks.
Within hours of the breach, blockchain analysts identified patterns that mirrored previous attacks attributed to the Lazarus Group, a North Korea-backed hacking syndicate responsible for billions of dollars in stolen cryptocurrency. The stolen funds were quickly funneled through various mixing services and decentralized exchanges, making it nearly impossible to recover them.
Analysts also noted striking similarities between the Bybit hack and another attack that had targeted Phemex, another cryptocurrency exchange, just days earlier. Investigators found that the funds from both breaches had been merged and transferred using the same theft addresses, a tactic previously seen in state-sponsored cyber warfare operations.
Following the breach, Bybit immediately launched an internal investigation with the help of blockchain forensics firms and cybersecurity experts. The exchange also worked closely with law enforcement agencies and other crypto platforms in an attempt to track the stolen funds.
However, with most of the assets already laundered or converted into privacy-focused cryptocurrencies, the likelihood of recovery appeared slim.
Bybit’s Multi-Billion-Dollar Rescue Operation
With an enormous financial gap to fill, Bybit made the unprecedented decision to purchase over $742 million worth of Ethereum on the open market. The exchange also secured additional funds through a combination of loans, direct purchases, and deposits from high-net-worth investors and institutions.
A significant portion of Bybit’s ETH acquisition came from an over-the-counter (OTC) deal that brought in 157,660 ETH, valued at approximately $437.8 million, from a single address. Another 109,033 ETH, worth $304.1 million, was traced back to an entity that had acquired the assets from both centralized and decentralized exchanges. Institutional players stepped in as well, with whale investors and crypto firms contributing over $127 million in ETH-based loans.
Crypto exchange Bitget played a major role in Bybit’s recovery effort, lending the exchange 40,000 ETH, valued at around $106 million. Another industry player, MEXC, provided 12,653 stETH, worth approximately $33.9 million. Additionally, a separate unidentified entity was found to have transferred 22,609 ETH, valued at $61.9 million, while another transfer of 20,000 ETH, worth $53.7 million, came from an unknown source. Investment firms also participated, with Mirana Ventures and a possible Fenbushi Capital-linked entity each contributing 10,000 ETH, valued at $28 million.
Bybit’s 266,694 ETH purchase, worth approximately $742 million, was another critical component of its financial stabilization plan. This large-scale buying activity had a noticeable impact on the broader cryptocurrency market, contributing to a 6% recovery in ETH prices after the asset had experienced a sharp decline following the hack.
In response to growing concerns among users, Bybit CEO Ben Zhou took to X to assure customers that the exchange had fully replenished its reserves. He confirmed that Bybit had successfully closed the ETH gap and that all user funds were once again backed at a 1:1 ratio.
Zhou also announced that a new proof-of-reserves (PoR) report would be released in the coming days, leveraging Merkle tree verification technology to allow users to independently verify that their assets were fully accounted for. The move is part of a broader push for transparency in the crypto industry, especially following the collapse of FTX in 2022, which exposed how centralized exchanges could mismanage user funds.
However, the hack has raised deeper concerns about the security vulnerabilities of even the most well-established cryptocurrency platforms. Industry experts have pointed out that multisignature cold wallets, once considered among the safest storage methods for crypto assets, are increasingly being targeted by sophisticated attackers. The growing frequency of high-profile exchange hacks has renewed calls for stricter cybersecurity measures, regulatory oversight, and decentralized alternatives to centralized exchanges.
A Warning Sign for the Crypto Industry
The Bybit hack serves as yet another reminder that no exchange, regardless of size, is immune to cyber threats. While the company’s ability to recover from a $1.46 billion loss in a matter of days demonstrates the financial strength of major crypto firms, it also highlights the risks that users face when entrusting their assets to centralized platforms.
Regulators have already signaled an interest in tightening oversight of cryptocurrency exchanges, with many noting that existing security measures are insufficient to protect users from large-scale cyberattacks. For the industry, the real challenge will be restoring investor confidence and ensuring that future breaches do not lead to devastating financial losses.