Bybit Ether reserves near 50% pre-hack levels after $295M ETH buy

Bybit has regained half of its Ether (ETH) reserves following a $1.4 billion cryptocurrency hack that sent shockwaves through the global Web3 industry.On Feb. 21, Bybit exchange was hacked for over $1.4 billion worth of liquid-staked Ether (STETH), Mantle Staked ETH (mETH) and other ERC-20 tokens, resulting in the largest crypto theft in history.Within two days since the devastating attack, Bybit replenished its Ether reserve to nearly 50% of pre-hack levels, CryptoQuant data shows.Bybit held over 201,600 Ether tokens as of 8:52 am UTC, or over 45% compared to the 439,000 Ether it held on Feb. 20, before the $1.4 billion hack temporarily sunk Bybit’s Ether reserves to just 61,000 ETH on Feb. 21.Part of the exchange’s growing reserves are attributed to spot buying. Bybit bought 106,498 Ether worth $295 million in over-the-counter (OTC) trades since the exploit occurred, wrote crypto intelligence platform Lookonchain in a Feb. 23 X post.Crypto industry leaders and exchanges also rushed to assist Bybit with emergency transfers, including 50,000 Ether from Binance, 40,000 Ether from Bitget and 10,000 Ether from Du Jun, co-founder of HTX Group, among others.Bybit’s recovering exchange reserves and the exchange’s continued user withdrawals are a robust sign of trust for the crypto industry, considering that it managed to stay operational after the biggest hack in crypto and financial history.Bybit processed more than 350,000 withdrawal requests within 10 hours since the exploit, completing 99.9% of them by 1:45 am UTC, Bybit co-founder and CEO Ben Zhou said in a Feb. 22 X post.Bybit loaned nearly $400 million since exploitThe crypto industry has aided Bybit with $390 million worth of Ether in emergency loans and transfers.Bybit received a total of 145,000 ETH worth $390 million in total loans and deposits since the hack occurred, including $127 million worth of ETH from Binance-based whales and over $53 million from a single whale wallet, wrote Lookonchain in a Feb. 22 X post.Within a day since the incident, the value of Bybit’s total assets has fallen by over $5.3 billion, including the $1.4 billion lost to the hack, DefiLlama data shows.Despite the hack and drop in assets, Bybit’s exchange reserves still exceed its liabilities, according to its independent proof-of-reserve (PoR) auditor, Hacken. In a Feb. 21 post on X, Hacken confirmed:“Today’s hack was massive—a tough hit for the industry. But here’s the bottom line: Bybit’s reserves still exceed its liabilities. As their independent PoR auditor, we’ve confirmed that user funds remain fully backed.”What led to the $1.4 billion Bybit hack?Blockchain security analysts, including Arkham Intelligence and onchain sleuth ZachXBT, have traced the Bybit attack to the North Korean state-affiliated Lazarus Group — which is also the prime suspect in the $600 million Ronin network hack.According to Meir Dolev, co-founder and chief technical officer at Cyvers, the attack shares similarities with the $230 million WazirX hack and the $58 million Radiant Capital hack.Dolev said the Ethereum multisig cold wallet was compromised through a deceptive transaction, tricking signers into unknowingly approving a malicious smart contract logic change.“It seems that Bybit’s ETH multisig cold wallet was compromised through a deceptive transaction that tricked signers into unknowingly approving a malicious smart contract logic change.”This allowed the hacker to gain control of the cold wallet and transfer all ETH to an unknown address,” Dolev told Cointelegraph.