Cryptocurrency exchange Bybit has announced a massive bounty program offering up to $140 million for help in recovering approximately $1.4 billion worth of stolen digital assets in what stands as crypto's largest theft to date.
The Singapore-based exchange is offering cybersecurity experts and blockchain analysts 10% of any funds they help recover following the major security breach of its Ethereum cold wallet. The stolen assets include over 401,347 ETH ($1.12 billion), 90,376 stETH ($253.16 million), and additional Ethereum-based tokens.
"We were overwhelmed with support from some of the best people and organizations in the industry," said Bybit co-founder and CEO Ben Zhou. "We have shared in a dark moment of crypto history, and we've proven we are better than the malicious actors."
On-chain investigator ZachXBT has identified North Korea's notorious Lazarus Group as responsible for the sophisticated attack. The hackers reportedly compromised Bybit's wallet during a routine transfer by manipulating the signing interface to display legitimate transaction details while altering the underlying smart contract logic.
Major exchanges including Binance and MEXC have joined efforts to monitor and prevent the laundering of stolen funds. Bybit has secured a bridge loan covering 80% of the stolen Ethereum to maintain withdrawal processing and protect customer assets.
The exchange continues working with law enforcement and cybersecurity teams to investigate whether the breach stemmed from a vulnerability in the Safe multisig wallet system or broader infrastructure issues.
Qualified individuals or organizations can participate in the bounty program by contacting Bybit directly. The program represents one of the largest crypto recovery efforts in history as the exchange works to trace and retrieve the stolen assets.