Bybit Crypto Exchange Offers $140 Million Bounty to Track Down Stolen Funds After Hack

Bybit Crypto Exchange Offers $140 Million Bounty to Track Down Stolen Funds After Hack

In a shocking turn of events, hackers have executed what is now considered the largest crypto heist in history, stealing approximately $1.4 billion in Ethereum from the crypto exchange Bybit. Following this unprecedented breach, Bybit has launched a robust initiative, offering up to $140 million in bounties for information that leads to the recovery of the stolen funds.

Details of the Bybit Hack

CEO and co-founder Ben Zhou announced the bounty program via a post on X, emphasizing the urgency and seriousness of the situation. The bounty system is designed to incentivize individuals to assist in tracing and freezing the stolen assets. Here’s how it works:

  • For every amount traced and frozen, 5% of that sum will be awarded to the finder.
  • Another 5% will be allocated to the entity responsible for freezing the funds.

Progress So Far

As of now, thanks to the efforts of five bounty hunters, Bybit has already distributed $4.23 million in rewards. This bounty initiative is not just a monetary compensation; it’s a proactive step towards reclaiming the lost assets.

Understanding the Attack’s Origins

The breach has been attributed to the Lazarus Group, a notorious hacking organization linked to the North Korean government. Zhou expressed a commitment to eliminate bad actors from the cryptocurrency space, stating, “We will not stop until Lazarus or bad actors in the industry are eliminated.”

Experts from various security firms believe that the Lazarus Group has effectively targeted crypto exchanges and Web3 companies, amassing an estimated $650 million in cryptocurrency throughout 2024 alone.

Investigation Findings

The forensic investigation into the Bybit hack was conducted by Sygnia Labs and Verichains. Key findings include:

  • The attack was facilitated by malicious code originating from SafeWallet, a crypto wallet platform.
  • A benign Javascript file was replaced with a harmful version targeting Bybit’s Ethereum Multisig Cold Wallet.
  • The breach was traced back to a developer’s device at SafeWallet, as confirmed by the company.
READ ALSO  Binance Secures $2 Billion Boost from MGX in Historic Investment Surge

Contact Information for Whistleblowers

If you have any information regarding the Bybit hack or other crypto-related thefts, please reach out securely. You can contact Lorenzo Franceschi-Bicchierai via Signal at +1 917 257 1382, or connect with him on Telegram and Keybase at @lorenzofb. Alternatively, you can reach out to TechCrunch via SecureDrop.

The crypto community is on high alert as the investigation continues. Stay informed about developments in this case and the broader implications for cryptocurrency security.

Similar Posts

CISA Faces Legal Fallout: Urgent Outreach to Laid-Off Employees After Court Deems Layoffs Unlawful

CISA Faces Legal Fallout: Urgent Outreach to Laid-Off Employees After Court Deems Layoffs Unlawful

Bysupport

The Cybersecurity and Infrastructure Security Agency (CISA) is working to reconnect with over 130 former employees unlawfully terminated by the Trump administration, following a U.S. District Court ruling mandating their reinstatement. The affected individuals were probationary employees laid off in February as part of workforce reductions. CISA is actively reaching out but lacks contact information for many, urging eligible former employees to provide their details securely. Rehired employees will receive administrative leave with full pay and benefits. Additional workforce cuts may be imminent, potentially affecting about 100 more employees, including those in critical roles.

Ted Schlein's Ballistic Ventures Secures $100M for Innovative New Fund Launch

Ted Schlein’s Ballistic Ventures Secures $100M for Innovative New Fund Launch

Bysupport

Ballistic Ventures, a venture capital firm focused on cybersecurity startups, plans to raise $100 million for its new fund, as indicated by a recent SEC filing. Founded in late 2021 by Ted Schlein, the firm has quickly become influential in the cybersecurity sector, having closed its second fund at $360 million last year. Ballistic emphasizes a hands-on approach, assisting portfolio companies with strategic guidance, hiring, and customer acquisition. The firm has invested in 59 startups, including GetReal Lab, and has recorded six successful exits. The cybersecurity funding market is experiencing significant growth, projected to reach $11.6 billion in 2024.

PowerSchool Data Breach: Hackers Steal Students' Sensitive Information, Including Social Security Numbers

PowerSchool Data Breach: Hackers Steal Students’ Sensitive Information, Including Social Security Numbers

Bysupport

PowerSchool, a prominent edtech company, has reported a significant data breach affecting sensitive personal information, including Social Security numbers and medical records. The breach, which occurred in December, was due to hackers accessing PowerSchool’s customer support portal with stolen credentials. The compromised data includes contact information, academic records, and personal details of parents and guardians. While PowerSchool is working with CyberSteward to address the incident and has claimed the data may have been deleted, the extent of the breach remains unclear. The company, recently acquired by Bain Capital for $5.6 billion, is taking steps to enhance data security.

US Targets North Korea's Illicit IT Workforce: Five Individuals Indicted in Major Crackdown

US Targets North Korea’s Illicit IT Workforce: Five Individuals Indicted in Major Crackdown

Bysupport

The indictment of five individuals linked to a North Korean IT worker scheme has raised alarms about international cybercrime. The Department of Justice revealed that over several years, North Korean citizens secured remote jobs with at least 64 U.S. companies, leading to concerns about security compliance in the tech industry. The suspects, including two U.S. nationals, allegedly used remote access software and forged identity documents to disguise their operations. The DOJ estimates payments to these firms exceeded $866,255, mostly laundered through a Chinese bank. Authorities warned of increasing threats from North Korean cyber activities, emphasizing the need for business vigilance.

Russian Zero-Day Seller Targets Telegram Exploits with Up to $4 Million Bounty

Russian Zero-Day Seller Targets Telegram Exploits with Up to $4 Million Bounty

Bysupport

Operation Zero, a key player in the zero-day market, plans to acquire exploits for Telegram, offering up to $4 million for various vulnerabilities. This includes up to $500,000 for a one-click remote code execution (RCE) exploit and $1.5 million for a zero-click RCE exploit. The focus on Telegram is strategic due to its popularity in Russia and Ukraine, despite security concerns over its lack of default end-to-end encryption. The rising demand for zero-day exploits underscores the risks to user privacy and data protection, as government entities and private firms seek these valuable vulnerabilities amid escalating cybersecurity threats.

SGNL Secures $30M Investment to Revolutionize ID Security with Zero-Standing Privileges

SGNL Secures $30M Investment to Revolutionize ID Security with Zero-Standing Privileges

Bysupport

Startup SGNL has raised $30 million in a Series A funding round led by Brightmind Partners, with participation from Microsoft and Cisco Investments, bringing its total funding to $42 million. SGNL focuses on identity security, employing a zero-standing privilege model for user access management to combat vulnerabilities from leaked credentials. Co-founded by former Google executives Scott Kriz and Erik Gustavson, SGNL aims to enhance identity management with innovative technology like the Continuous Access Evaluation Protocol (CAEP). The company has attracted major enterprise clients, streamlining access policies and improving security, while addressing risks highlighted by recent identity breaches.