Bybit Recovers 72.4% of Stolen Funds After Third-Party Wallet Breach

Bybit, a prominent global cryptocurrency exchange, recently faced a significant security breach involving a third-party wallet vendor. The incident, which involved the compromise of a private key, allowed unauthorized access to assets not directly held by Bybit but associated with its infrastructure. This breach has raised concerns across the crypto industry, highlighting the risks associated with relying on third-party wallet management tools for both exchange trades and liquidity provision.

In response to the breach, Bybit CEO Ben Zhou provided an update on the investigation and recovery efforts. According to Zhou, 72.4% of the stolen funds, amounting to approximately USD 1.4 billion or 500,000 ETH, have been either recovered or frozen. This recovery was achieved through coordinated efforts with partner exchanges, law enforcement agencies, and on-chain tracking teams. The remaining 27.6% of the funds, however, remain untraceable and are still in the hands of the attacker. The untraceable funds primarily flowed into mixers and then through bridges to peer-to-peer (P2P) and over-the-counter (OTC) platforms, making them difficult to track.

The breach was traced back to a compromise of the private key of a third-party wallet service provider. This indicates that the vulnerability was not within Bybit's own systems but rather in the security processes of its vendor. Despite this, Ben Zhou assured the community that no customer funds were affected by the incident. The compromised wallet did not hold user assets or operate within Bybit’s hot or cold wallet infrastructure, ensuring that all user balances remain intact and secure. Bybit has resumed normal operations, with full trading, deposit, and withdrawal services available. The exchange has also committed to strengthening its due diligence processes for suppliers and enhancing its real-time alarm systems to prevent similar incidents in the future.

The attack has brought third-party risks in the crypto ecosystem back into focus. While exchanges like Bybit typically implement strict internal controls, the over-reliance on external collaborators can expose platforms to unexpected attack vectors. The community has emphasized the importance of decentralized or multi-signature private key management, periodic audits and stress tests for third-party wallet providers, and greater transparency from exchanges regarding their infrastructure and providers. There have also been calls for industry standards for wallet integrations, particularly those related to exchange infrastructure, to mitigate the increasing occurrences of wallet attacks.

Bybit has pledged to continue tracking the remaining stolen funds, collaborating with blockchain analytics groups, law enforcement, and other exchanges that have interacted with the attacker’s wallet addresses. The company has also stated that any subsequent updates, including additional recoveries or arrests, will be made publicly available. This ongoing investigation underscores the complex security landscape in the crypto industry and the need for vigilance at every point in the custody chain.