Market Data 
The cryptocurrency space was ripe for a black swan event, and one promptly presented itself with the $1.4 billion Bybit hack. However, unlike previous debacles that led to near-total collapses, the industry has managed this episode fairly well—further highlighting the maturity of the digital asset space.
In what many are calling the biggest crypto hack of all time, Bybit lost more than $1.4 billion in ETH and stETH early Friday. An investigation is ongoing, however, according to prominent on-chain sleuth ZachXBT, it is highly likely North Korea’s Lazarus group was behind the hack thanks to patterns consistent with their MO.
After news of the hack spread, there was initial panic in the markets as Bybit users rushed to get their funds off the CEX, reminded all too well of how FTX folded following a series of panic withdrawals. Fortunately, it did not take long for order to be restored, and the crypto community has shown its resilience and togetherness after the early sensationalism that followed the big headline.
mETH protocol joins Binance, others in supporting Bybit
Shortly after news got out about the hack, mETH Protocol, a decentralized, permissionless platform built on the Ethereum blockchain that allows users to stake their ETH and receive liquid staking tokens, known as mETH, released a post-mortem of the hack. The report revealed that the attacker executed multiple transactions to move assets off the platform.
According to mETH’s report, 8,000 mETH were swapped for ETH across three transactions via a DEX, and a 15,000 cmETH withdrawal was initiated via mETH Protocol. However, it did not allow the hackers to complete the transaction.
The hackers would have gotten away with the funds if not for the protocol’s security measures, which include an 8-hour withdrawal delay built into the protocol to prevent the immediate withdrawal of cmETH.
The protocol also blacklisted the exploiter’s address, reducing the cmETH liquidity on Mantle Network and the recovery of about 15,000 cmETH from the exploiter’s address to a recovery address, reinstating the integrity of cmETH supply.
Aside from the mETH Protocol, other notable groups in crypto that have stepped up to help include Binance and Tether.
On Friday, Paolo Ardoino, the CEO of Tether, revealed his firm had frozen $181,000 worth of the UDST linked to the stolen Bybit funds, thanks to the help of ZachXBT.
“Might not be much but it’s honest work,” Ardoino wrote on X. “We keep monitoring.”
On Binance’s part, it chose to provide a bridge loan to Bybit so that it can continue to process client withdrawals without delay, ensuring that users can access their funds despite the hack. Bitget has also provided a 64,452 ETH loan to Bybit, and MEXC transferred 12,652 stETH to Bybit’s cold wallet as a sign of solidarity.
By now, it is clear that Bybit has weathered the storm from the attack.
Following the breach, the firm confirmed that withdrawals were still active but warned that some users might experience delays due to network congestion. Despite the warning, Bybit was able to process 70% of the withdrawal requests successfully, and efforts are underway to address the remaining backlog.
Now that the worst has passed, the company is focusing on recovery.
On Saturday, Bybit stated it would offer 10% of recovered funds—up to $140 million—to any on-chain security experts who could help the firm get the stolen assets back.
In a statement, Bybit co-founder and CEO Ben Zhou highlighted the show of solidarity from the space and promised it was not taken for granted.
“We have shared in a dark moment of crypto history, and we’ve proven we are better than the malicious actors,” Zhou said. “We want to officially reward our community who lent us their expertise, experience, and support through the Recovery Bounty Program, and our efforts to make this difficult lesson a valuable one does not stop here.”
Ben also noted that the hackers are moving some of the funds to Chainflip.io as a bridge to convert into BTC. He shared an SOS to any bridges with the capacity to freeze or even recover the funds stolen from his exchange, saying “If you are a bridge, Please help us to block and prevent further conversion to other chains.”
Projects that have the potential to join the asset-freezing effort
According to reports, most of the stolen funds are in native Ethereum, which is not easy to recover since it lacks a centralized freezing mechanism. About 8,000–15,000 mETH and approximately 181,000 USDT were also stolen.
While Bybit pursues justice, onlookers have urged more entities currently sitting on the sidelines to join the effort by freezing the assets of the hackers. Some other projects people are expecting to take action include Lido (stETH) and Ethereum (ETH).
Lido is a major liquid staking protocol and the issuer of stETH (Staked ETH). It could help by blacklisting stETH addresses, but this might only happen if it is pressured by Bybit or regulators. Also, its decentralized nature makes swift action less likely unless the effort is spearheaded by exchanges or law enforcement.
While native ETH cannot be frozen by a single entity because of the chain’s decentralization, a hard fork or rollback could in theory invalidate the stolen funds. This was done once in 2016 when there was a DAO hack. It would require consensus from miners, nodes, and the community. While thought leaders like Arthur Hayes have been talking about the possibility of an Ethereum rollback, given the hack’s scale, there has been no official announcement, and the community’s willingness to do such a thing is uncertain.
If there is no overwhelming support from the community, a rollback is unlikely to happen, and blacklisting at the protocol level isn’t feasible, although exchanges could tag and block exploiter addresses.
Should the hackers also make the mistake of swapping the stolen ETH into other ERC-20 tokens like USDC, those projects have the ability to freeze funds as long as their contracts permit it. Circle (USDC) has been known to freeze stolen funds in the past, however in those cases, significant USDC had been lost. That is not the case this time.
Some analysts are convinced the hackers will eventually convert the ETH to ERC-20 tokens before moving it to BTC and finally fiat via Asian exchanges.
