Bybit to Release Bounty Program as North Koreans Tied to ‘Largest Hack’ in History

By Leakd.com Authors

February 22, 2025

bybit attack bounty featured — Image: Aleks Marinkovic / Unsplash

As the crypto industry continues hunting down hackers behind the apparently largest heist in history, Bybit, which suffered the $1 billion theft, is about to announce its bounty program in an attempt to trace the funds and prevent criminals from converting the stolen cryptoassets.

Ben Zhou, the CEO of Bybit, said that the company is starting to see that some of the stolen ethereum (ETH) is now being moved to Chainflip.io as a bridge to convert the funds to bitcoin (BTC).

"If you are a bridge, please help us block and prevent further conversion to other chains. We are going to release our bounty program very soon for whoever helps us block or trace the funds that result in fund recovery," Zhou said.

Chainflip said that they have disabled “some frontend services to stop the flow, but as a fully decentralised protocol with 150 nodes, we can't completely shut down the protocol.”

According to them, as a more permanent solution, they're working on enabling stronger ETH broker-level screening to reject tainted deposits through the broker-API.

“This already works for BTC. We just need to finish the ETH implementation,” they added.

Meanwhile, independent blockchain sleuth ZachXBT won an approximately $30,000 bounty from blockchain intelligence platform Arkham by providing proof that the North Korea state-sponsored hacking group Lazarus was behind the Bybit hack.

ZachXBT said that he and "Josh from CF connected the Bybit hack on-chain to the Phemex hack" this past January when the crypto platform lost around $69 million in cryptoassets.

He has also found that Lazarus Group connected the Bybit hack to the Phemex hack directly on-chain, commingling funds from the initial theft address for both incidents.

The investigator has also noted that while partial recovery is more common after crypto hacks and could reach up to 30% in a good scenario, it’ll also be "a bit harder" for the hackers to launder such a huge sum, and this will depend on how patient they are.

"For recent hacks, Lazarus has mainly just been spamming funds to Chinese exchanges on different chains, where it eventually changes hands to [over-the-counters]," ZachXBT said.

Taylor Monahan of the MetaMask wallet has also chimed in, saying that to launder such a sum, it will take a long time and "thousands and thousands of addresses" while trying to move funds through blockchain bridges, decentralized and centralized crypto platforms, and via crypto mixers.

Meanwhile, Monahan has also stressed that this hack is not only the biggest in the crypto world but is the largest hack in the history of all hacks.

Earlier today, Bybit said that all pending withdrawal requests will be processed as soon as possible and should take no more than 30 minutes. Meanwhile, the CEO of the company confirmed that funds are also starting to move back to the platform and, in the past 12 hours, reached $4 billion. However, Zhou didn't specify whether this includes the bridge loan—a type of short-term loan—from other crypto exchanges to help Bybit with liquidity.