Interview with Bybit CEO: From the Brink of Collapse to Full Recovery, How Did Bybit Survive the Crisis in 72 Hours?

2025.02.28

Interview with Bybit CEO: From the Brink of Collapse to Full Recovery, How Did Bybit Survive the Crisis in 72 Hours?

"One of my greatest fears is being unable to understand my own limits, and letting down those who trust me."

2025.02.28 - 02:05:06

Bybit

Navigating Web3 tides with focused insights

"One of my greatest fears is being unable to understand my own limits, and letting down those who trust me."

Compiled & Translated: TechFlow

Guest: Ben Zhou, CEO of Bybit

Host: Kevin Follonier

Podcast Source: When Shift Happens

Original Title: Bybit Founder: How I Survived The Biggest Crypto Theft Of All Time | E110

Release Date: February 27, 2025

Introduction

Just days after Bybit suffered a $1.5 billion Ethereum hack, host Kevin sat down with the exchange's CEO, Ben, for an in-depth conversation.

This dialogue reveals how Bybit managed the crisis within 72 hours—successfully processing 350,000 withdrawal requests while rapidly securing replacement funds to ensure uninterrupted operations.

The interview offers invaluable insights into leadership under extreme pressure and maintaining user trust when billions are at stake.

Key Highlights from the Interview

What doesn't kill you makes you stronger.
One of my greatest fears is never knowing my limits. Another fear is letting down those who trust me.
My goal is to make sure our company still exists ten years from now.
Stress comes from feeling powerless when problems exceed your control.
You must invest in your employees and leaders.
Bybit has never been the market leader—we're more like a "dark horse."
Transparency and timely communication are key to rebuilding trust, while maintaining professionalism forms the foundation for earning community respect.
Not your keys, not your coins.
Once your assets reach a certain scale, you become a potential target—so diversifying storage locations is crucial.
Involving key personnel in signing processes places excessive psychological burden on them during crises.
The beauty of our industry lies in transparency and direct communication between founders and customers.
We have an emergency mechanism called a "P-1 incident" for handling the most severe crises. We run monthly drills simulating various major events. There’s a dedicated P-1 button that any employee can press. Once triggered, the system automatically wakes up all management layers and calls each person sequentially. If someone doesn’t answer, it moves to the next responsible party until someone responds.
People feel stressed mainly because they know tasks need doing but aren’t taking action. My approach is simple—if something needs doing, I do it immediately—so stress isn’t an issue for me.
During major crises, PR isn’t about the PR team—it’s about the founder or CEO personally stepping forward. If I let the PR team draft messages and tweet them out, or send someone else to speak, it would backfire. In times of crisis, the public won’t trust statements from PR teams—they want to hear directly from the founder or CEO.
No matter what emergency arises, I handle it myself—I don’t rely on others. I don’t think step by step—I jump straight to the critical fourth or fifth step.
Throughout the entire event, we kept withdrawal channels fully open—customers could withdraw their assets anytime. Even amid a bank-run-like situation, we never rejected a single withdrawal request.
Centralized exchanges remain vital to the ecosystem. Most people need centralized products to enter the crypto world. Users may briefly participate due to market trends, but without an intermediary platform, there’s no place for deeper engagement or long-term use.
Although this hacking incident was regrettable, it strengthened my resolve—to fight hackers to the end. Additionally, we plan to launch a new website this week called HackBounty.com—a dedicated aggregation platform focused on tracking stolen funds. Anyone can post bounties and become a bounty hunter. Through this platform, we aim to help all victims trace stolen funds while enhancing accountability and transparency across the industry.

The Fastest Recovery in Crypto History

Kevin: How do you feel about what happened?

Ben:

I believe the positive aspect of this incident was our transparency. We showed the world how to professionally manage a crisis, which helped many rebuild confidence in us. As the saying goes: "What doesn't kill you makes you stronger." So we’ve already seen customers returning—including VIPs and institutional partners. I also think we took some innovative steps, such as tracking fund flows, which is a novel attempt in the industry.

We’re planning to launch a new website. The entire team worked nonstop for two days after the hack to develop it—with the goal of helping future victims track fund movements. Its features will be quite unique. Our design team also invested heavily, creating some really cool designs.

Strategy Behind Responding to the $1.5 Billion Hack

Kevin:

Usually, when someone experiences a hack or similar disaster, they go through several stages: violation, anger, frustration—before realizing they’re in control and eventually bouncing back. But you seemed to skip the first three stages and went straight to recovery. When you learned your exchange was hacked with losses reaching $1.5 billion, what was your immediate reaction?

Ben:

At the time, I received a call from our CFO. When he called, I realized something big must have gone wrong. He told me our wallet might have been compromised. I had just signed off on a transaction involving 30,000 ETH—and then I realized the situation was worse than I thought.

I asked: “Were we hacked?”

He said: “Yes.”

I followed up: “Are all 30,000 ETH gone?”

His voice began to tremble: “More than that… the entire wallet seems breached. About 410,000 ETH—worth roughly $1.5 billion.”

My next question was: How did this happen?

Security team told me it was related to the transaction I signed—they suspected it caused the security breach. I pressed further: “Are other wallets safe?” They confirmed only this one was affected. I triple-checked this answer because it was critical for my next decisions. If the issue was contained, I could focus on solving the current crisis; if not, I might need to shut down systems to prevent further loss. After confirmation, I learned the problem was limited to one cold wallet—and stemmed from a vulnerability in the third-party Genesis Safe solution.

Then I asked: “Besides this compromised wallet, do we have other assets under Genesis Safe?” They replied yes—one stablecoin wallet worth up to $3 billion. I immediately asked them to confirm whether this $3 billion was secure. Eventually, they confirmed the stablecoin wallet was unaffected. At that moment, I asked our CFO: “Can we cover this loss using company funds?” He said yes. Hearing that, I felt relieved—because I knew customer funds were safe, and I wouldn’t need to sell the company or seek outside investment.

I immediately contacted our COO, briefed her on the situation, and she activated our crisis response protocol. We have an emergency mechanism called a "P-1 incident" designed for handling the most severe crises. We conduct monthly drills simulating various possible major incidents.

Kevin: Can you give an example of previous P-1 incidents? How do they compare in scale to this one?

Ben:

Nothing compares to this. Previous P-1 incidents might involve site downtime, matching engine failures preventing derivative trading, or temporary unavailability of withdrawal systems. According to our definition, any functional failure affecting over 10,000 customers or causing over $1 million in losses qualifies as a P-1 incident.

We have a dedicated P-1 button that any employee can press. Once triggered, the system automatically alerts all management layers and calls each person sequentially. If someone doesn’t pick up, it moves to the next responsible individual until someone answers. Meanwhile, the team gets assigned to an online meeting room where they start logging the incident, assigning tasks, and implementing solutions.

Balancing Judgment vs. Procedure in Decision-Making

Kevin: Do you tell everyone exactly what happened?

Ben: In such cases, we inform the team about the situation—we tell them we’ve been hacked. Facing such a crisis, it’s essential that every team member understands what’s going on internally.

Kevin: You mentioned your team has a well-established emergency procedure. How effective were these procedures during crisis management? While procedures are important, judgment plays a crucial role too. In such situations, how would you weigh judgment versus procedure?

Ben:

Judgment carries significant weight in such incidents because every crisis is different. In past events, my role was mostly internal. For example, during site outages, I’d typically issue a short announcement explaining the issue—like “Our website is temporarily inaccessible; technical teams are working on it.” In those cases, customers already perceive the problem—we just need to confirm and calm emotions. Site outages are among the most serious issues an exchange faces besides hacks. Imagine the impact on user experience and reputation if a large platform like Binance or Bybit went down.

Handling such issues, my main responsibility is working with tech teams to identify root causes. We systematically check—is it an AWS server issue? Frontend loading failure? Or a newly introduced code vulnerability? We’ll disable relevant systems for testing until we pinpoint the cause.

But this hack was entirely different. Our systems were running normally—users noticed nothing unusual—yet we suffered a $1.5 billion loss. Traditional emergency templates no longer applied. Faced with an unprecedented scenario, we had to create new strategies and relied heavily on judgment.

Why Don’t You Feel Stress During Crises?

Kevin: How do you make correct decisions under high pressure? Were there challenges in your personal life or entrepreneurial journey that helped you better handle such situations?

Ben:

For me, facing stress or emergencies, I rarely feel stressed. People feel stressed mainly because they know tasks need doing but aren’t acting. My way is simple—if something needs doing, I act immediately—so stress isn’t an issue for me.

When the event occurred, I clearly understood some things were beyond my control—like the $1.5 billion loss. That magnitude clearly exceeded my current control range, so I didn’t waste energy worrying about unsolvable problems.

The next priority was managing a potential bank run. Markets and users would eventually learn about the incident—what should I do to stabilize sentiment and maintain trust? Every move we made would directly impact Bybit’s development trajectory over the next 5–10 years. My goal is ensuring our company still exists ten years from now. We needed to handle this professionally and transparently—showing the world we can overcome such crises.

I quickly entered battle mode. Since age 12, I left home and lived alone in New Zealand. Without parental support, I had to face all kinds of challenges independently—adjusting to homestays, handling school matters, dealing with unexpected life events.

So no matter what emergency arises, I must handle it myself—no one else to rely on. I don’t follow step-by-step thinking—I jump straight to the critical fourth or fifth step.

Crisis Public Relations Management

Kevin: How did you manage PR? To ensure Bybit remains a leader over the next decade, what measures did you take to avoid turning this into a PR disaster?

Ben:

A major issue is many believe having a PR department means delegating all PR work to them—but that’s not true. During major crises, PR isn’t about the PR team—it’s about the founder or CEO personally stepping forward. If at such a moment I let the PR team draft messages and tweet them out, or send someone else to speak, it would backfire. In crisis moments, the public won’t trust statements from PR teams—they need to hear directly from the founder or CEO.

When I realized a bank run was imminent, I knew customers would have many urgent questions. So first, I contacted our COO to ensure she could coordinate the team to handle customer calls and follow-up actions—while getting everyone fully mobilized for the challenge ahead. Then, I personally drafted the first tweet—because I wanted all media and the public to get accurate information directly from me. At that point, even my own team didn’t fully grasp the full picture—the PR team only had secondhand details. As the founder, I was the only one with complete facts and authority to speak—so I had to personally take on PR responsibilities.

In such events, the most dangerous thing is opacity and rampant speculation. If markets begin suspecting Bybit might shut down or we’d run away, it would be devastating. So right after my first tweet, we organized a live stream within about 40 minutes. I appeared on camera personally, explaining the full story to the public.

The team suggested Twitter Spaces, but I insisted on video streaming. I believed letting people see my face—having the founder and CEO explain directly—was key to building trust. By facing the camera, I could convey authenticity, showing we weren’t hiding or evading responsibility. This direct communication is far more effective than indirect statements or spokespersons.

I could focus on core PR work because a strong team supported me behind the scenes—handling other tasks—so I could concentrate on communicating with the public. It wasn’t just about my personal effort—it was the result of efficient execution by the entire team.

Ethereum Shortage Crisis: How to Restore Market Stability?

Kevin: During a bank run, the first step is preventing escalation. What’s next? Who are the key partners you need to contact? Who did you reach out to first—and why?

Ben:

During a bank run, the top priority is building trust. I needed to personally communicate with customers and the market—letting them know we were taking action. Even though I prepared for this, I knew a bank run was unavoidable.

Kevin: At that moment, what was your worst-case scenario?

Ben:

The worst case was although Bybit’s customer assets were supposed to be fully backed 1:1, we faced an Ethereum shortage—meaning we couldn’t fully meet customer demands to withdraw ETH.

I wanted customers to be able to withdraw—proving our assets truly were 1:1 backed. But the problem was customers most wanted to withdraw ETH—and we happened to be short on that. So to quickly restore market confidence—and align with my long-term vision of making Bybit last 50 to 100 years—we had to refill the ETH gap ASAP.

To solve this, I immediately tasked the finance team to contact partners and seek “bridge loans.” This differs from buying ETH directly on the market—where purchases would drive prices up and increase costs. Bridge loans are simpler—we used existing assets like Bitcoin and USDT as collateral to borrow equivalent value in ETH from partners.

Kevin: Under market panic, how did you convince your partners?

Ben:

Actually, no convincing was needed. If our assets truly covered withdrawal demands, there was no reason for panic. We were only short on ETH—not overall assets. We still had Bitcoin, USDT, and operating cash—all usable as collateral.

Customer assets are managed separately, but to fill the gap, I converted company-owned assets into ETH to close the shortfall. This restored our full 1:1 backing ratio.

Kevin: Could customers or partners question the 1:1 standard?

Ben:

Typically, partners require higher collateral ratios—like 110% or 120%—depending on asset type. For Bitcoin, maybe 100%-110%; for stablecoins, lower requirements; for volatile assets, higher ratios apply.

What Defines a Great Leader?

Kevin: What makes a great leader?

Ben:

In my view, a great leader stays calm in critical moments and clearly directs the team. For example, during crises, I clearly assign tasks: “You handle this, you handle that.” This ensures everyone focuses on their responsibilities. But unexpected issues always arise during crises.

When the hack happened, we immediately notified Safe and Genesis Safe platforms, asking them to suspend services to prevent further withdrawals. While this effectively stopped additional losses, it created new problems. Some partners—those providing bridge loans—informed us after signing contracts that they couldn’t complete transfers because their funds were also trapped inside Genesis Safe.

This was just the beginning. More critically, we had $3 billion in USDT stored on the Safe platform—but with service suspended, I couldn’t access these funds, while facing massive customer withdrawal requests. Our system allowed real-time visibility into withdrawal volumes, wallet distributions, and inventory levels. Based on trend projections, our existing stablecoin reserves could only last six hours—after which we’d need to tap into that $3 billion—but I couldn’t withdraw it.

Under these circumstances, I chose to temporarily leave the live stream, letting colleagues continue communicating with the public. Simultaneously, I immediately contacted the wallet team, instructing them to stop investigating the hack’s root cause and instead focus on developing new software to securely extract these funds. The team assured me they’d complete development and testing quickly to retrieve the $3 billion USDT. Failure meant the company risked shutdown.

So I decisively ordered the team to prioritize this task above all else. During crises, leaders must stay calm and set clear priorities. My top priority was ensuring Bybit’s safe operation and enabling smooth customer withdrawals.

This wasn’t achieved by one person—it was the collective effort of the entire team. Within three days, we solved the ETH shortage—even restoring liquidity quickly via OTC (over-the-counter) trading. The wallet team handled technical development, customer support processed massive requests, and the institutional team ensured liquidity recovery.

What Stresses Ben Out—and His Greatest Fear

Kevin: What stresses you out?

Ben: Probably my wife and kids—they’re the only ones who can stress me. Whatever they say, I almost can’t refuse. Honestly, I handle work-related stress pretty well. Compared to that, family is where I truly feel pressure.

Kevin: Things seem to be going well now. What’s your biggest fear in life?

Ben:

I think one of my greatest fears is never knowing my limits. That’s why I always push myself fully at work—because I don’t know where my potential ends. To me, the scariest thing is looking back later in life and realizing I didn’t give my all toward my goals—that kind of regret terrifies me.

Another fear is failing those who trust me. Whether my team or my customers, their trust is priceless—and the last thing I want is to disappoint them. I think this matters deeply to me.

A Special Moment That Would Make Me Stop

Kevin: For you, when would you feel satisfied enough to say, “I’m happy now”?

Ben: For me, that moment of satisfaction might come when my energy and health can no longer sustain me. I think that’s how I measure “enough”—based on my physical energy and health. If one day my body tells me to stop, that might be when I feel satisfied.

Facing the Most Stressful Moments

Kevin: One last question about stress. What was the most stressful moment you’ve ever experienced?

Ben:

The most stressful moments probably come when receiving certain phone calls. As for the single most stressful moment, I can’t recall it right now.

If I had to name a recent one, it would be an event our team just went through. But this time was different—we gave it our all. I think sometimes stress doesn’t come from the problem itself—but from the feeling of powerlessness when the problem exceeds your control.

What Comes After the Crisis?

Kevin: What led to the hack and the $1.5 billion loss?

Ben:

In short, our Ethereum cold wallet was hacked. Currently, we’re working with internal and external security teams to investigate the specific attack method and vulnerability.

We expect preliminary findings from the internal team possibly tomorrow. Then we’ll disclose details publicly—hoping our lessons help prevent others from becoming similar victims. But if you want more specifics, ask directly—otherwise I might stay too general.

Kevin: You mentioned taking different actions on the day-of, day-one, and day-two. We've discussed the immediate response. From day one onward, what specifically did you do?

Ben:

Day one’s top priority was ensuring all user assets remained safe. Within 12 hours, we completed all pending withdrawals, preventing further losses. The focus that day was crisis management—emergency response, PR handling, stabilizing market sentiment—while sending a clear message: we’re still operating normally.

On day two, I finally had time to think strategically about the company’s next steps. The day centered on three core tasks: First, analyzing impact reports—assessing exact losses, including affected regions, institutional/VIP customer impacts, and liquidity status; Second, collaborating with the business intelligence team to comprehensively review data, while engaging external security experts to dig deeper into technical details; Third, starting to formulate a fund recovery plan—evaluating chances of reclaiming lost assets. These three tasks became my primary focus—I allocated my time as evenly as possible across these key areas.

How Long to Rebuild?

Kevin: You mentioned the company has enough funds to cover this loss. How long do you think it will take to recover this $1.5 billion loss through company earnings?

Ben:

You mean you want to know our annual revenue level, right? I’ve seen some estimates about our yearly income—they’re generally in the right ballpark. However, keep in mind we also have other operational costs and expenses affecting overall financials. So the exact timeline to fully recover depends on multiple factors.

Repurchasing 400,000 ETH

Kevin: You previously mentioned repurchasing Ethereum could offset this loss. Given Ethereum is a highly volatile asset—and especially if prices rise—how do you plan to complete the repurchase without incurring additional losses?

Ben:

This is currently a hot topic in the market. We completed all repurchases via OTC (over-the-counter), unlike direct exchange purchases. OTC is designed for large transactions and avoids significant market price impact. Even trades exceeding $1 billion won’t trigger sharp market fluctuations. Any minor ETH price movements recently stem from market speculation—not our repurchase activities.

To date, we’ve repurchased approximately 300,000 ETH—originally losing 400,000. The remaining ~100,000 were obtained via loans, which we’re gradually repurchasing and replacing. These loans are secured by my collateral and incur interest. Holding them long-term isn’t cost-effective, so I’m motivated to complete repurchases quickly. So far, we’ve significantly narrowed the funding gap—the buyback process continues steadily.

Key Decisions That Helped Bybit Survive

Kevin: When building an exchange or other businesses, you often face choices between cutting costs or pursuing rapid growth—yet this is often a key reason companies collapse during crises. Can you share examples where you chose not to cut costs—and how those decisions may have helped you survive this weekend?

Ben:

That’s an excellent question—there are indeed many hidden details behind it. For instance, we decided to keep all system withdrawal functions fully operational throughout this event. This is extremely rare during exchange hacks—many exchanges would pause withdrawals in similar situations.

So how did we pull this off? The key lies in our tightly integrated operations and powerful real-time data support. Our systems run entirely on real-time data—including margin calculations, wallet balances, and all key metrics. Unlike traditional systems with T+1 or 10-hour delays, ours reflects fund flows instantly. This real-time capability allows us to quickly and accurately check inventory across chains upon receiving withdrawal requests—and predict risks. For example, distinguishing between 100% and 10% bank runs is crucial during a crisis. But how do you get this data? FTX lacked this ability—they didn’t have reliable data to support calm decision-making.

Thanks to these real-time systems, I could make many critical decisions based on accurate data. This reflects our ongoing investment in internal tools—such as giving finance teams clear fund flow visibility and risk teams early warnings for liquidity shortages. Because of this, we could rapidly generate impact reports during the event—precisely identifying affected countries and customer groups—and implement targeted remediation.

Investment in these internal systems is absolutely non-negotiable. If we skimped here, I’d feel deeply uneasy—because it directly undermines our decision-making capacity.

Investing in a Top-Tier Team

Kevin: This example clearly illustrates your investment in business intelligence systems—enabling real-time monitoring and fast crisis response. Any other examples?

Ben:

I believe investing in your team—ensuring they can lead the company to its goals—is extremely important. I firmly believe we have a world-class team—and our performance proves it. In the past 12 hours, we processed around 350,000 withdrawal requests—all completed within deadline. This relies not only on backend systems but also on outstanding performance from support, approval, audit, and risk management teams—each excelling in their roles. Based on my experience, few exchanges can handle such volume in such a short time.

We quickly mobilized all team members and executed efficiently—reflecting precise company management. Like a well-managed ship, when a leak appears, everyone knows their duty and acts swiftly. Our PR and live-streaming teams performed exceptionally too—every detail carefully planned and executed.

Our live-streaming team was thoroughly prepared. Even in emergencies, they maintained professional standards—with every detail precisely arranged. For example, when I stepped away to get updates, the screen displayed a clear timing slide saying “We’ll return at 6:30 or 10:00”—not just “Please wait.” This let customers know we’d return on schedule—strengthening their trust.

Additionally, we adjusted stream duration based on viewer count. After 1 hour 45 minutes, viewers dropped from 40,000 to 4,000—I recognized it was time to end. If numbers stayed high, I’d continue. This flexibility and precision stem from the team’s professional planning and execution.

So I believe ultimately, you must invest in your employees and leaders. Such investment isn’t easy—it requires tough screening. A great team isn’t built casually—you need strict standards and discipline. You might need to fire 10 people to find one truly qualified candidate. At Bybit, our hiring process is rigorous—many candidates don’t pass the three-month trial. We’d rather spend extra time filtering than lower standards. Ultimately, this strict selection helped us build a team capable of truly driving company success.

Why Bybit Never Launched a Token

Kevin:

Beyond business intelligence, data analytics, real-time monitoring, and team building—I have another question I’m very curious about: Bybit is one of the few exchanges that hasn’t launched a native token. Why have you never considered issuing one?

Ben:

There are several reasons. We did consider launching a token—but ultimately abandoned the idea. Frankly, when we entered the market, we missed the optimal timing.

For example, Binance launched a token, OKX launched one—even newer exchanges issued their own tokens. But I’ve never fully grasped the real purpose of token issuance. If an exchange is already profitable, it can raise capital through other means. And if the exchange is sustainably operational, it usually doesn’t need extra funding. So why issue a token? Typically, tickets are for attracting investors or building ecosystems to draw users in—but Bybit never tried building a standalone ecosystem.

We’ve always seen ourselves as part of a larger ecosystem—not isolated entities. From day one, our business model closely partnered with influencers and KOLs—becoming part of their ecosystems. When we launched spot trading, we chose to collaborate with existing ecosystems like Solana and Ton—rather than build competing ones. We found this avoids potential conflicts of interest. In contrast, many exchanges—owning their own ecosystems—must compete not only with other exchanges but also with Solana or other blockchain ecosystems—reducing collaboration opportunities.

I believe only absolute market leaders should build their own ecosystems. With sufficient market share and resources, expanding via ecosystems makes sense. But Bybit has never been number one—we’re more like a “dark horse.” Thus, we never had the conditions to try launching a token or building an ecosystem. Ultimately, we chose to focus on our core business—without launching a token.

Kevin: Then, if this weekend’s situation were different—say Bybit had its own token—would anything change?

Ben:

I don’t think it would make much difference. Honestly, I don’t see a direct link between having a token and this event. If we had a token, what impact do you think it would have?

Kevin:

Maybe the market would short the token, causing its price to crash—worsening sentiment and sparking more panic. That could create another layer of crisis for you.

Rebuilding User Trust After the Crisis

Kevin: I heard you faced around $4 billion in withdrawals overnight. Under such pressure, how did you rebound and rebuild user trust?

Ben:

We’ve started regaining trust. I believe the key lies in crisis response. Transparency and timely communication are central to rebuilding trust, while maintaining professionalism earns community respect. Despite huge challenges, Bybit demonstrated high professionalism—widely recognized. Many users even praised us during the crisis—calling our performance trustworthy. This trust extends beyond users—it’s also recognized by global regulators.

We’re applying for licenses through multiple regulatory bodies. In recent days, many reached out saying: “Hey, I think Bybit handled this exceptionally well.” Some now trust us even more—believing that if we face any future events, we’d handle them similarly.

So from this perspective, it actually became the best showcase of how we operate and our values.

Crypto Wallet Security: Lessons Learned

Kevin: Regarding risk management, what improvements will Bybit implement moving forward? I’m also pondering: Was storing $1.5 billion in a single wallet reasonable? How should we distribute funds? What amount is too much—or too little?

Ben:

This is a very important question—one that sparked much discussion these past days. Our security team is actively researching new solutions to prevent similar risks. Going forward, we plan to optimize our wallet system—such as splitting wallets to reduce risk. That way, even if one wallet is attacked, the overall funds won’t suffer major impact.

We’re also exploring advanced technical approaches. I think Ethereum’s developments are worth referencing—such as smart contract wallets. These wallets enhance security through multi-sig and permission controls—even avoiding online signing risks. Some of our current wallets rely on online signing—which, while convenient, aren’t truly cold wallets since they require browser operations. In contrast, most of our Bitcoin is stored in cold wallets—completely offline—with all signing and transactions occurring offline. Unless physically breached, such storage is nearly impossible to hack.

So I think we’ll design solutions focusing on physically impenetrable zones. Yes, I believe these are key focus areas for us.

The Future of Self-Custody in Crypto

Kevin:

This brings me to a core issue in crypto—self-custody. In our industry, we often say “Not your keys, not your coins”—usually reminding individuals not to store assets on exchanges but to self-custody. But when major security incidents occur, does this advice really hold? Your security measures are far more sophisticated than typical user self-custody—but you still got hacked.

Does this mean both individuals and institutions face security risks? In your view, what’s the future direction of self-custody?

Ben:

Great question. We indeed face a key challenge—we’re a very obvious attack target. For hackers, large exchanges like Bybit are prime targets. One key lesson from this incident is our scale has surpassed some of the security service providers we depend on. Logically, attacking us makes “sense” for hackers. I’m not saying that’s what happened here—but it’s worth noting. No matter how robust our security, being a big target inherently increases risk. So relying on third-party solutions isn’t ideal.

For ordinary users, the principle “Not your keys, not your coins” is correct—but I’d emphasize “risk diversification”. When your assets reach a certain size, you become a potential target—so diversifying storage locations is crucial. For institutions like Bybit, we need to apply the “self-custody” concept to ourselves—using fully proprietary technical solutions instead of relying on third parties.

Responsibility is the biggest lesson we learned. Although we invested heavily in security, we still had a failure. This shows shortcomings in certain decisions—like choosing a browser-based signing solution, which clearly wasn’t secure enough. Going forward, we must focus more on developing and using proprietary security technology—not rely on industry standards. Industry standards offer some protection—but aren’t foolproof. The biggest issue with third-party reliance is transferring partial responsibility—making us less cautious on critical issues.

Especially for exchanges like ours—the longer we operate, the higher the chance of becoming a target.

Kevin: Especially for exchanges like ours, the longer we operate, the higher the chance of becoming a target.

Ben:

After this incident, we exchanged views with some industry peers. I found many exchanges use internally developed security solutions. Their view: Why rely on third parties? Third parties aren’t necessarily flawed—but once attacked, you lose control. This is a life-or-death issue. You shouldn’t hand over control of your security to others. For Bybit, our Bitcoin and other crypto assets are primarily stored in internally developed secure systems—but Ethereum handling is more complex. Smart contract development for Ethereum is harder—requiring specialized expert teams—which we hadn’t sufficiently invested in before. Looking back, this is one of my biggest regrets. We should’ve considered this earlier during policy formulation. Though we now have such experts, our systems haven’t been fully upgraded—this is a critical issue needing resolution.

ETFs vs. Exchange Security Risks

Kevin: Did this weekend’s event increase attention toward ETF (exchange-traded fund) demand? ETFs require asset custody—and those assets must be stored somewhere. Do you think ETF custodianship faces similar security risks as Bybit—or are they completely different?

Ben:

Essentially, ETFs and exchanges do face similar risks—but it depends on how ETFs safeguard assets. Note that Bybit, as an exchange, operates very differently from ETFs. Our code wallet solutions require frequent adjustments and maintenance—almost redeployed weekly. ETF asset management is relatively static—mostly deposit states—with occasional small withdrawals.

Exchanges handle massive deposits and withdrawals daily—including small and large amounts—while ETFs can choose safer but slower solutions due to low operation frequency. As an exchange, we must balance efficiency and security. If withdrawals take too long, customers get frustrated—so our system must complete withdrawals within minutes.

Analysis of Bybit’s Asset Changes Before and After the Hack

Kevin: How did Bybit’s assets and liabilities change before and after the hack?

Ben:

Before the attack, our total customer assets were about $20 billion. In the first few days after, it dropped to $14 billion—later falling further to $10–12 billion. But as market sentiment stabilized, it rebounded back to around $14 billion.

Kevin: How do you prove customer assets are safe?

Ben:

Our reserves undergo independent audits—ensuring 1:1 backing. I believe no other exchange can claim this.

Throughout the entire event, we kept withdrawal channels fully open—customers could withdraw anytime. Even amid a “bank run,” we never rejected a single withdrawal request. If an exchange lacks 1:1 reserves, it typically pauses or restricts withdrawals to buy time raising funds. We never faced this. This was the ultimate test of our reserve system.

The Future Is On-Chain

Kevin: You’ve always emphasized “The future is on-chain.” Did this weekend’s event further highlight the importance of decentralizing Bybit?

Ben:

My view hasn’t changed. While the future is indeed moving on-chain, this doesn’t mean centralized exchanges will disappear. I believe infrastructure will improve, bringing more liquidity—just like crypto growth over recent years. From five years ago to today, the entire industry has advanced greatly—but that doesn’t mean stock markets are declining.

So my logic is centralized exchanges remain vital to the ecosystem. Most people need centralized products to enter crypto. Users may briefly join due to market hype—but without an intermediate platform, there’s no space for deeper exploration or long-term use. That’s the real value of centralized exchanges—they provide access to multiple ecosystems or products, letting users stay, explore, and eventually become native crypto users.

Then at some point, they might explore elsewhere. Even most unengaged users still hold accounts on centralized exchanges—and often have balances in both places—frequently with larger balances on centralized platforms.

Image Problems in the Crypto Industry

Kevin: Today, the crypto industry sees new major events almost weekly—how can the public take this industry seriously? What must we do for it to be taken more seriously?

Ben:

I agree the industry faces image issues—but we should also recognize positive progress. I’m not boasting, but in handling this recent hack, we demonstrated a different approach. I saw people comparing Bybit to FTX—but it’s completely different. We resolved the incident within three days—an unusually efficient response in the industry. Although this hack was unfortunate, it strengthened my determination—to fight hackers to the end. Plus, we plan to launch a dedicated website this week to help victims better cope with losses.

I believe this isn’t just Bybit’s problem—it’s a shared challenge across the crypto industry. But other areas have made significant progress—especially in on-chain activity. Many decentralized exchanges (DEXs) now offer solutions to problems once thought unsolvable.

The crypto industry is still young. Looking back at the internet’s early adoption phase, there were many issues and imperfect infrastructure too—but it takes time. So crypto is still very young. I believe most people no longer see crypto as pure scams—most countries are legalizing and regulating it. So while the road is challenging, I believe it will only grow steadier and higher.

Key Lessons and Greatest Regrets

Kevin: You previously mentioned one of your biggest regrets was not building internal digital wallet infrastructure. Aside from that, are there other regrets?

Ben:

Looking at this weekend’s event, we identified areas needing improvement. For example, our withdrawal system could be more efficient and smoother. Even during crises, we should ensure customers can withdraw quickly. Our only regret is making some customers wait—they might think we’re deliberately blocking them, but that wasn’t our intent. I truly wish we could let everyone withdraw anytime. I hope to optimize systems so every customer can smoothly withdraw anytime in the future. This would strengthen trust and peace of mind—knowing their assets are safely in personal wallets. So we need system upgrades to perform better in similar future events.

Also, I learned important lessons in wallet security team management. For example, many may not notice—my CFO was the first signatory, followed by one of our co-founders. Looking back, one of my biggest regrets is: Why did I let such a key figure serve as a signer? After the hack, he faced immense team pressure, faced me—and his family might have been affected too. Though we all know it was external hackers’ fault—confirmed as North Korean hackers—he still feels guilty, believing he bears responsibility. I’m deeply worried he might eventually leave—he’s been a key partner fighting alongside me for 4–5 years. I fully trust him—but I overlooked this fact: involving key figures in signing processes places excessive psychological burden on them during crises.

Kevin: Then who would be better suited for this role?

Ben:

Someone I trust—but not necessarily a core executive. Ultimately, a signer just needs to be trustworthy—not carry heavy company responsibilities. If my CFO wasn’t involved in signing, he wouldn’t be in this position. So going forward, I’ll definitely adjust this process—avoiding putting key personnel at such risk. I can’t imagine the psychological pressure he endured this weekend—this makes me deeply regretful and reminds me that process design needs greater foresight.

Message to Future Founders

Kevin: For aspiring entrepreneurs entering crypto, what advice would you give? After all, similar crisis events may be hard to avoid.

Ben:

I believe the beauty of our industry lies in transparency and direct communication between founders and customers. Compare us to traditional finance—like banks. Even banks rarely handle crises as openly and transparently as we do. In crypto, transparency and direct founder-customer communication are essential.

If someone experiences such an event, I believe transparency is key—maintain communication. Let customers know you’re here—markets will reward your transparency.

Why Do Crypto Hackers Keep Succeeding?

Kevin: You’ve been busy nonstop for three days. Half an hour from now, when you return home or to the office, what will you do?

Ben:

I still have important matters to handle—like whether we’ve uncovered the full truth. We’re forming a dedicated task force to track fund flows—and hope to help the entire industry through this, not just solve our own problem. During this crisis, many industry partners proactively offered help—without asking for anything in return. So I feel we have a responsibility to contribute. Whether Lazarus or other hacker issues—these are ongoing challenges in the industry.

A major current problem is victims often feel helpless after being hacked. Hackers know you’ll chase them—but they also know if you’re an individual or small company, your resources are limited—you can’t track fund flows indefinitely. Worse, hackers often split funds into small amounts—say $100K per transaction—then route them through mixers, bridges, or exchanges. By the time you contact an exchange’s legal team, the funds are already moved. After a few attempts, you might give up. This is common in the industry.

Right now, we lack a dedicated platform aggregating fund-tracking data. Tools like Chainalysis exist—but when you reach endpoints (mixers, bridges, exchanges)—funds may already be untraceable or unfreezable.

Hackers usually avoid easily frozen assets like USDC. They use exchanges, mixers, and bridges to drain your time and energy. Eventually, you might find only two or three people constantly switching exchanges—and even if exchanges respond fast—say within half a day—the funds are already gone. Hackers win by exploiting these delays.

To fix this, we need an industry-wide information platform. It could show where funds become untraceable—like mixers—and rank endpoint response speeds. For example, if 200 transactions totaling ~$50M flowed into a mixer that can’t be tracked—this data could help seek legal or regulatory assistance. If these funds link to Lazarus or other sanctioned groups—we could take further action.