- Bybit recovers $43M of the $1.4B stolen by Lazarus Group through swift action.
- Bybit offers up to 10% rewards for freezing stolen funds in a new bounty program.
- Lazarus Group has stolen over $3B in crypto since 2017, with Bybit leading the recovery.
Bybit suffered the biggest crypto theft ever recorded when hackers took more than $1.4 billion from its platform on February 21, 2025. North Korea's Lazarus Group carried out the attack, targeting three cryptocurrency assets: liquid-staked Ether (STETH), Mantle Staked ETH (mETH), and all ERC-20 tokens. The exchange quickly replenished the stolen funds, ensuring client assets remained intact at a 1:1 ratio by February 23.
Bybit’s CEO, Ben Zhou, addressed the breach on February 25 via an X post, announcing a bold countermeasure against the perpetrators. Zhou pledged to pursue the hackers relentlessly, launching a dedicated bounty website to track and freeze the stolen assets.
The site encourages users to submit wallet addresses linked to the Lazarus Group’s activities. The frozen deposits, valued at $42.3 million, represent around 3% of the total hacked funds. The exchange’s aggressive stance signals its dedication to fighting cybercrime in the crypto domain, but it might also draw additional attention from criminal elements.
Bounty Program Targets Lazarus Group’s Funds
Bybit’s new initiative offers a 5% reward to individuals or platforms that help freeze the stolen cryptocurrency, with the bounty website promising up to 10% for successful interceptions. This could translate to a payout of $140 million if all funds are recovered.
The platform currently monitors 6,338 wallet addresses associated with the Lazarus Group, providing real-time transparency on sanctioned transactions. Zhou emphasized that a specialized team maintains the site, with plans to expand its scope to assist other victims of the hacking collective.
The bounty program also features a public ranking system, listing both helpful contributors and uncooperative entities. Zhou noted that appearing on the “bad actor” list could signal involvement in facilitating illegal transactions. Blockchain security firm Elliptic reported that Lazarus has begun laundering the funds across multiple wallets and blockchains, including Bitcoin, complicating recovery efforts. Despite this, Bybit has recovered $43 million with support from Mantle, mETH developers, and SEAL 911, while Tether froze $181,000 in USDT tied to the hack.
Crypto Theft Trends and Industry Impact
According to reported data, North Korean hackers, including Lazarus, carried out crypto exchange thefts totaling over $3 billion from 2017 through 2023. The recent Bybit attack set a new record, surpassing the $600 million taken from the Ronin Bridge in 2022. Crypto-related thefts tracked by PeckShield reached $3 billion in 2024, with phishing scams being the primary cause, even though these incidents have become less prevalent since 2022.
Bybit’s decision to replace the stolen assets and launch a public campaign against Lazarus sets a precedent for exchange responses to major breaches. However, Zhou’s call to “eliminate” the group may heighten the exchange’s risk profile.