Last week, hackers stole around $1.4 billion in Ethereum cryptocurrency from crypto exchange Bybit, believed to be the largest crypto heist in history. Now the company is offering a total of $140 million in bounties for anyone who can help trace and freeze the stolen funds.
Bybit’s CEO and co-founder Ben Zhou announced the bounty in a post on X on Tuesday.
On the official site of the bounty, Bybit explains that for every time someone traces and freezes some of the stolen funds, 5% of that amount goes to the person who found them and 5% goes to the “entity” that froze said funds.
At the time of writing, thanks to five bounty hunters, Bybit has already awarded $4.23 million in bounties, according to the site, whose logo is a knife appearing to be stabbing through the head of North Korean leader Kim Jong-un.
Contact Us
Do you have more information about the Bybit hack, or other crypto heists? From a non-work device and network, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email. You also can contact TechCrunch via SecureDrop.
“We will not stop until Lazarus or bad actors in the industry is eliminated. In the future we will open it up to other victims of Lazarus as well,” Zhou wrote, referring to Lazarus Group, the name that the cybersecurity industry has assigned to a broad group of North Korean-backed hackers focused largely on cryptocurrency thefts.
Multiple security researchers and crypto security and monitoring firms believe the hackers behind the massive Bybit heist work for the North Korean government, which over the years has become very effective at targeting crypto exchanges and web3 companies, stealing $650 million in crypto in 2024 alone, according to the governments of the United States, Japan, and South Korea.
On Wednesday, Bybit’s Zhou published the preliminary results of the forensic investigation into the hack, led by two companies, Sygnia Labs and Verichains. Sygnia concluded that the “root cause” of the attack was malicious code coming from the infrastructure of SafeWallet, a crypto wallet platform. Verichains said a benign JavaScript file was replaced with a malicious version “specifically targeting Ethereum Multisig Cold Wallet of Bybit.”
The two investigating security companies concluded that hackers breached a developer’s device at SafeWallet, as the company itself confirmed.
Chinese marketplace DHgate becomes a top US app as trade war intensifies
The Trump trade war has gone viral on TikTok, pushing a Chinese e-commerce app, DHgate, to the top of the...
Hertz says customers’ personal data and driver’s licenses stolen in data breach
Car rental giant Hertz has begun notifying its customers of a data breach that included their personal information and driver’s...
OpenAI plans to phase out GPT-4.5, its largest-ever AI model, from its API
OpenAI said on Monday that it would soon wind down the availability of GPT-4.5, its largest-ever AI model, via its...
Google’s newest AI model is designed to help study dolphin ‘speech’
Google’s AI research lab, Google DeepMind, says that it has created an AI model that can help decipher dolphin vocalizations,...
