The stolen amounted to over 1.4 billion US dollars. Bybit survived the life-and-death crisis in three days. What is the reason?

Author: 1912212.eth, Foresight News

On February 24, Bybit CEO Ben Zhou issued an update saying, "Bybit has completely made up for the ETH deficit, and a new audited Proof of Assets (POR) report will be released soon, so stay tuned."

Previously, cryptocurrency exchange Bybit was hit by a hacker attack that shocked the industry, with losses of up to $1.4 billion. According to OnchainLens monitoring, the stolen native ETH and various derivative ETHs totaled 514,723. This is one of the largest cases of a single hack ever, enough to bring anyone who is concerned about cryptocurrencies to recall those disastrous precedents of the past – the 2014 Mt. Gox crash, 2022 FTX collapse, or Ronin Network's $600 million was stolen in 2021. The FTX incident even caused an industry earthquake for a time, with many implicated companies storming, and many Solana ecological agreements were seriously affected, and the crypto market fell to the bottom. Without exception, these events have triggered a crisis of industry trust, severe market turmoil and even a long-term bear market.

Surprisingly, Bybit's theft incident did not repeat the historical tragedy, and its negative impact on the entire crypto industry is much smaller than expected. After a series of stress tests in withdrawals, Bybit finally withstands the pressure, and on February 23, its deposits and withdrawals have completely returned to normal levels.

In just two or three days, Bybit can quickly reverse the severe situation. What are the reasons?

Respond to crises openly, quickly and transparently

In crisis management, time and transparency are often the key to success or failure. Just 3 hours after the stolen Bybit, CEO Ben Zhou issued a detailed statement through X, admitting that the hacker had broken through the platform's ETH cold wallet through a vulnerability, with losses of up to $1.4 billion. He also emphasized that customer funds have not been affected, withdrawal channels are kept open, and assets outside cold wallets are safe. Not only that, Ben also updated Twitter and said that the live broadcast will be launched soon, and the live broadcast will synchronize the progress of the attack incident and answer all questions in the live broadcast room. He is frank because there are problems when signing for multiple transfers, but they are ignored.

Faced with the continuous peak of bank runs, Ben did not choose to suspend withdrawals immediately, but chose to openly and transparently to indicate that withdrawals would be open normally. At around 1 a.m. on February 22, its run had passed and 70% withdrawals were processed. The news was synchronized to audience fans in real time by Ben in the live broadcast room, which undoubtedly gave users a reassurance. At around 9 a.m. that day, Ben synchronized the progress of the incident again and had processed 99.99% of withdrawal requests.

In sharp contrast, in 2022, FTX concealed the truth several months before the capital chain broke, which eventually led to a run and a complete bankruptcy of users; in 2014, Mt. Gox even exposed the problem several years after it was stolen, completely destroying the early Bits. Trust of the coin community.

Ben Zhou's quick and transparent action strategy on Twitter and live broadcast rooms quickly won the initial trust of users and the market. Zhou not only disclosed the technical details of the attack (such as hackers exploiting multi-signature vulnerabilities), but also promised to release a complete audit report. This candid attitude effectively curbs the spread of rumors and avoids the vicious cycle of panic withdrawals.

Data shows that within 24 hours after the incident, Bybit's net withdrawal was only $700 million, far below its average daily trading volume (about $5 billion). This figure is almost trivial compared to the billions of dollars in daily capital outflows when the FTX crashes.

All sides support each other when they are in trouble

If Bybit's response is an internal firewall, industry collaboration is the best embodiment of external defense. Less than 12 hours after the incident, multiple DeFi protocols and blockchain analytics companies acted quickly. Tether, THORChain, ChangeNOW, FixedFloat, Avalanche Ecosystem, CoinEx, Circle, etc. help them monitor and freeze funds, and some of them have also added them to the address blacklist. Chainalysis locked down about $300 million in ETH that hackers tried to transfer through on-chain tracking, and multiple data tracking platforms reported the progress of Bybit's stolen funds in real time.

In addition, the exchange is also quite united. Competitors such as Binance, OKX, Bitget, and Huobi HTX have provided technical or financial assistance. On February 22, Binance and Bitget deposited more than 50,000 ETH into Bybit's cold wallet.

On February 24, according to lookonchain monitoring, Bybit has obtained approximately 446,870 ETH (about US$1.23 billion) since the hacking attack. Bybit is close to making up for the losses.

This kind of collaboration was almost unimaginable in the past. Looking back at the stolen $600 million in Poly Network in 2021, although the hackers eventually returned most of the funds, the entire process relies on the conscience of the hackers and the industry lacks an effective collective response mechanism. After the Mt. Gox incident, the Bitcoin community even split into multiple factions, accusing the fight with the infight made the recovery work worse.

Today, the maturity of the crypto industry is no longer comparable. The Web3 ecosystem in 2025 not only has more advanced technology tools (such as real-time on-chain monitoring), but also forms a closer community of interests. This unity not only limits the space for hackers to whitewash funds—only about $100 million of ETH successfully transferred as of February 23—also sends a strong signal to the market: the industry has the ability to heal itself.

This resilience is crucial to investor confidence. This collective defense capability significantly reduces the systemic risk of events to the industry compared to the past.

Market maturity improves, investors respond more rationally

The market response is a direct indicator of the impact of events, and the consequences of Bybit's theft this time are far from the "disaster" level. On the day of the incident, Bitcoin, Ethereum and a number of altcoins did not see a significant decline. ETH even saw two consecutive daily rises on February 22 and 23 after the Bybit stolen incident.

In contrast, after Mt. Gox was stolen in 2014, the price of Bitcoin plummeted by 50%, and it took several years for the market to recover; the stolen Ronin Network in 2022 directly led to the near collapse of the Axie Infinity ecosystem.

Why is the market so calm this time? First, investors' psychological expectations of hacking incidents have been greatly adjusted. In the past decade, the crypto industry has experienced countless attacks, and hacking incidents have gradually become a normal risk. Today’s market participants – both retail investors and institutions – are more rational and mature, tending to assess the specific impact of events rather than blindly selling. Secondly, the diversification of the market structure reduces the impact of a single event. The crypto market in 2025 is no longer as highly dependent on a few exchanges as it was in the early days, and the market still has enough liquidity buffer even if leading platforms like Bybit are damaged.

Their financial strength cushioned the impact

The risk resistance of the exchange platform ultimately depends on its financial roots, and Bybit has performed well in this regard. After the incident, Zhou announced that the platform was still fully solvency, and the customer assets were backed up in a 1:1 ratio, and the user funds were not used to fill the losses. In addition, Bybit quickly obtained a bridged loan of about 80% of the losses, and the remainder will be covered by its own reserves and insurance.

Bybit’s financial preparation is no accident. In recent years, with increasing regulatory pressure and increasing user attention to security, large exchanges have generally strengthened risk management. Bybit disclosed its Proof of Reserves in 2024, showing that its debt-to-asset ratio is much higher than the industry average. This transparent financial health has become a reassurance in the crisis. The exchange's funds and profitability level make its hacker incidents within a controllable range. The "affordable" user confidence reduces the pressure of bank runs and avoids further fermentation of the trust crisis.

summary

The reason why Bybit theft did not have such a devastating impact on the crypto industry in the past is due to the synergy of multiple factors. Its transparent crisis communication calmed user panic, industry collaboration demonstrated the resilience of the ecosystem, market maturity kept investors rational, and Bybit's own financial strength provided a solid buffer. Together, these factors turn a potential disaster into a controllable challenge.

More importantly, this incident may become a turning point in the development of the industry. It exposes potential vulnerabilities in multi-signature wallets, prompting technology upgrades; it also proves the value of collaboration and transparency, which may drive stricter industry standards. This crisis in February 2025 did not repeat the historical tragedy, but instead provided valuable experience for the future development of the crypto industry.