
Stolen over $1.4 billion, why did Bybit survive a life-or-death crisis in just three days?
TechFlow Selected TechFlow Selected

Stolen over $1.4 billion, why did Bybit survive a life-or-death crisis in just three days?
Its transparent crisis communication calmed user panic, industry collaboration demonstrated ecosystem resilience, market maturity kept investors rational, and Bybit's own financial strength provided a solid buffer.
Author: 1912212.eth, Foresight News
On February 24, Bybit CEO Ben Zhou posted an update stating, "Bybit has fully covered the ETH shortfall, and a new audited Proof of Reserves (POR) report will be released soon. Stay tuned."
Previously, cryptocurrency exchange Bybit suffered a shocking hacker attack that resulted in losses of up to $1.4 billion. According to OnchainLens monitoring, a total of 514,723 native ETH and various derivative ETH tokens were stolen. This ranks among the largest single-hack incidents in history, reminding anyone following crypto of past catastrophic precedents—the 2014 Mt. Gox collapse, the 2022 FTX bankruptcy, or the $600 million Ronin Network theft in 2021. The FTX incident even triggered an industry-wide crisis, causing multiple connected firms to fail and severely impacting numerous Solana ecosystem protocols, sending the crypto market into a deep downturn. Each of these events inevitably sparked industry-wide trust crises, extreme market volatility, and even prolonged bear markets.
Surprisingly, Bybit's recent breach did not repeat this historical tragedy, with its negative impact on the broader crypto industry far smaller than expected. After enduring a series of withdrawal pressure tests, Bybit ultimately held firm—by February 23, deposits and withdrawals had fully returned to normal levels.
How was Bybit able to reverse such a severe situation within just two or three days?
Open, Swift, and Transparent Crisis Response
In crisis management, time and transparency are often key determinants of success. Just three hours after the hack occurred, CEO Ben Zhou issued a detailed statement via X, acknowledging that hackers had exploited a vulnerability to breach the platform’s ETH cold wallet, resulting in losses of up to $1.4 billion. He emphasized that customer funds were unaffected, withdrawal channels remained open, and assets outside the compromised cold wallet were secure. Furthermore, Ben updated that he would soon go live to stream real-time updates on the attack and answer all questions from viewers, candidly admitting that there had been an issue with multi-signature transaction signing that had previously gone unnoticed.

Facing continuous peaks in withdrawal demand, Ben chose not to immediately suspend withdrawals but instead publicly affirmed that withdrawals would remain open. Around 1 a.m. on February 22, the peak of withdrawals had passed, with 70% of withdrawal requests already processed. Ben shared this update in real time during the livestream, undoubtedly providing users with significant reassurance. By 9 a.m. that morning, he provided another update, confirming that 99.99% of withdrawal requests had been fulfilled.
This stands in stark contrast to FTX, which in 2022 concealed the truth for months before its liquidity collapse, ultimately leading to user runs and total bankruptcy; and to Mt. Gox in 2014, which didn't reveal the full extent of its theft until years later, completely destroying early Bitcoin community trust.
Ben Zhou’s swift and transparent actions on Twitter and in livestreams quickly earned initial trust from users and the market. Zhou not only disclosed technical details of the attack (such as the exploitation of a multisig vulnerability) but also pledged to release a full audit report. This openness effectively curbed rumor spreading and prevented a vicious cycle of panic-driven withdrawals.
Data shows that within 24 hours of the incident, Bybit’s net outflows amounted to only $700 million—far below its average daily trading volume (approximately $5 billion). Compared to FTX’s collapse, when billions of dollars flowed out daily, this figure was almost negligible.
Support from All Corners During Crisis
If Bybit’s response served as an internal firewall, then industry collaboration represented the best form of external defense. Within less than 12 hours of the incident, multiple DeFi protocols and blockchain analytics firms took rapid action. Tether, THORChain, ChangeNOW, FixedFloat, Avalanche Ecosystem, CoinEx, and Circle assisted in monitoring and freezing funds, with some adding addresses to blacklists. Chainalysis used on-chain tracking to identify approximately $300 million worth of ETH that hackers attempted to move, while multiple data-tracking platforms provided real-time updates on the status of Bybit’s stolen funds.
In addition, exchanges demonstrated remarkable unity. Competitors including Binance, OKX, Bitget, and Huobi HTX offered technical or financial support. On February 22, Binance and Bitget deposited over 50,000 ETH into Bybit’s cold wallet.
On February 24, according to lookonchain data, since the hack, Bybit has acquired approximately 446,870 ETH (around $1.23 billion) through loans, large-depositor inflows, and purchases. Bybit is now nearly fully recovered from its losses.
Such cooperation would have been nearly unimaginable in the past. Looking back at the 2021 Poly Network $600 million hack, although the hacker eventually returned most of the funds, the entire process relied entirely on the hacker’s conscience, with no effective collective response mechanism in place across the industry. After the Mt. Gox incident, the Bitcoin community even fractured into factions, with infighting and blame further worsening recovery efforts.
Today, the maturity of the crypto industry is incomparable. The Web3 ecosystem in 2025 not only possesses more advanced technical tools (such as real-time on-chain monitoring) but has also formed a tighter-knit community of shared interests. This solidarity has not only restricted the hacker’s ability to launder funds—by February 23, only about $100 million worth of ETH had successfully been moved—but also sent a strong signal to the market: the industry has the capability to self-heal.
This resilience is crucial for investor confidence. Compared to the past, this collective defense capacity has significantly reduced systemic risk to the industry.
Increased Market Maturity Leads to More Rational Investor Reactions
Market reaction serves as a direct measure of an event’s impact, and this time, the consequences of Bybit’s hack fell far short of being “disastrous.” On the day of the incident, Bitcoin, Ethereum, and a wide range of altcoins did not experience sharp declines. ETH even posted two consecutive daily gains on February 22 and 23 following the hack.
In contrast, after the 2014 Mt. Gox hack, Bitcoin’s price plummeted by 50%, taking years for the market to recover. The 2022 Ronin Network hack directly led to the near-collapse of the Axie Infinity ecosystem.
Why was the market so calm this time? First, investor psychological expectations regarding hacks have greatly shifted. Over the past decade, the crypto industry has weathered countless attacks, making security breaches increasingly seen as normalized risks. Today’s market participants—both retail and institutional—are more rational and mature, tending to assess the specific impact of events rather than engaging in blind sell-offs. Second, the diversification of market structure has reduced the shock of any single event. In 2025, the crypto market is no longer as heavily reliant on a few major exchanges as in earlier days. Even if a top-tier platform like Bybit suffers damage, sufficient market liquidity remains to act as a buffer.
Strong Financial Position Buffered the Impact
A platform’s risk resilience ultimately depends on its financial foundation, and Bybit excelled in this aspect. After the incident, Zhou announced that the platform remained fully solvent, customer assets were backed 1:1, and no user funds were used to cover losses. Additionally, Bybit swiftly secured bridge loans covering approximately 80% of the loss, with the remainder to be covered by its own reserves and insurance.
Bybit’s financial preparedness was no accident. In recent years, amid increasing regulatory pressure and growing user focus on security, major exchanges have generally strengthened their risk management. In 2024, Bybit publicly disclosed its Proof of Reserves, revealing a balance sheet significantly stronger than the industry average. This transparent financial health served as a reassuring anchor during the crisis. The exchange’s capital and profitability ensured that the losses from the hack remained within manageable limits. The perception that Bybit could afford to absorb the loss reduced withdrawal pressure and prevented further escalation of a trust crisis.
Summary
The reason the Bybit hack did not inflict the same devastating impact on the crypto industry as past incidents lies in the combined effect of multiple factors. Transparent crisis communication calmed user fears, industry collaboration demonstrated ecosystem resilience, market maturity encouraged rational investor behavior, and Bybit’s own financial strength provided a solid buffer. Together, these elements transformed what could have been a potential disaster into a manageable challenge.
More importantly, this event may mark a turning point in industry development. It exposed potential vulnerabilities in multisignature wallets, prompting technological upgrades. It also proved the value of collaboration and transparency, potentially driving the adoption of stricter industry standards. The crisis of February 2025 did not repeat past tragedies but instead provided valuable lessons for the future growth of the crypto industry.
Join TechFlow official community to stay tuned
Telegram:https://t.me/TechFlowDaily
X (Twitter):https://x.com/TechFlowPost
X (Twitter) EN:https://x.com/BlockFlow_News














