Bybit offers 10% bounty to anyone who assists in recovering funds from $1.4 billion hack

In the wake of the largest exchange hack in crypto history, Singapore-based crypto exchange Bybit has announced a recovery bounty program, offering security researchers and organizations 10% of any funds recovered from the hack. 

Should the $1.4 billion in stolen funds be fully recovered, the contributors could share up to $140 million, which would constitute the largest such bounty ever awarded. 

"We want to officially reward our community who lent us their expertise, experience and support through the Recovery Bounty Program," Bybit co-founder and CEO Ben Zhou said. "Bybit is determined to rise above the setback and fundamentally transform our security infrastructure, improve liquidity, and be a steadfast partner to our friends in the crypto community."

Bybit encourages individuals and organizations interested in participating in the recovery program to contact [email protected]. 

Crypto analytics firm Arkham awarded pseudonymous security researcher ZachXBT with a bounty of 50,000 ARKM (about $34,000) for linking the Lazarus Group to the attack on Friday. The Lazarus Group has already begun to launder 5,000 ETH (about $13.7 million), according to ZachXBT. 

Two recoveries have already been reported: mETH Protocol announced it had stopped a withdrawal of 15,000 cmETH, worth about $43.5 million, and moved the funds from the hacker's address to a recovery address. Tether CEO Paolo Ardoino said his organization froze $181,000 USDT connected to the hack. 

Lazarus Group's hacking history

The hack has been attributed to North Korean state-sponsored hacking organization Lazarus Group, which often leverages sophisticated phishing schemes in attempts to score massive payouts from large hacks.

Lazarus Group was previously blamed for the $600 million hack of the Ronin Network used by crypto project Axie Infinity. While it has been historically difficult to recover funds from Lazarus Group attacks, security firm Chainalysis and U.S. law enforcement were able to recover $30 million worth of stolen funds in Sep. 2022. 

"This marks the first time ever that cryptocurrency stolen by a North Korean hacking group has been seized, and we’re confident it won’t be the last,” Erin Plante, senior director of investigations at Chainalysis, wrote in a blog post at the time.  

Security firm Elliptic also collaborated with exchanges Binance and Huobi in Feb. 2023 to freeze $1.4 million in assets linked to the June 2022 $100 million exploit of the Harmony's Horizon bridge, which was likewise attributed to the Lazarus Group. 

Despite occasional successful recoveries, the Lazarus Group has seemingly held on to the majority of its stolen funds. The FBI alleges that the North Korean government uses the proceeds from Lazarus Group hacks to fund its ballistic missile and nuclear weapons programs. 

Updated at 11:30 am EST with additional details of Lazarus Group recoveries.