The cryptocurrency exchange Bybit has called on the “brightest minds” in cybersecurity to help it recover $1.5bn (£1.2bn) stolen by hackers in what is thought to be the biggest single digital theft in history.
The Dubai-based crypto platform said an attacker gained control of a wallet of Ethereum, one of the most popular digital currencies after bitcoin, and transferred the contents to an unknown address.
Bybit immediately sought to reassure its customers that their cryptocurrency holdings were safe, while its chief executive said on social media that Bybit would refund all those affected, even if the hacked currency was not returned.
“Bybit is solvent even if this hack loss is not recovered, all of clients assets are 1 to 1 backed, we can cover the loss,” Ben Zhou, Bybit’s co-founder and chief executive, posted on X.
He added that the company held $20bn in customer assets, and would be able to cover any unrecovered funds itself or through loans from partners.
Bybit, which has more than 60 million users worldwide and is the world’s second-largest cryptocurrency exchange by trading volume, said news of the hack had led to a surge in withdrawal requests.
Zhou wrote that the company had received more than 350,000 requests from customers to withdraw their funds, which could lead to delays in processing.
Bybit said the hack occurred when the company was making a routine transfer of Ethereum from an offline “cold” wallet to a “warm” wallet, which covers its daily trading. An attacker exploited security controls and was able to transfer the assets. Zhou said all other wallets on the exchange were unaffected.
The price of Ethereum dropped by nearly 4% following news of the hack on Friday, but has since almost returned to previous levels.
The company has called on “the brightest minds in cybersecurity and crypto analytics” to help it try to recover the hacked funds, and is offering a reward of 10% of the amount recovered, which could total $140m if the entire hacked amount was retrieved.
“Bybit is determined to rise above the setback and fundamentally transform our security infrastructure, improve liquidity, and be a steadfast partner to our friends in the crypto community,” Zhou said in a statement.
The hack is a setback for the crypto industry, which has rebounded in recent months after benefiting from Donald Trump’s return to the White House, and his promises to make the US the “crypto capital of the planet” amid looser regulation.
Although the identity of the Bybit attacker is unknown, some reports have suggested that the perpetrators could be North Korean state hackers, such as the Lazarus Group, who have been blamed for previous large-scale heists, including the $615m theft from the blockchain project Ronin Group in 2022.