
The crypto exchange Bybit was hit by an unprecedented hack on February 21, 2025, in which more than $1.4 billion in assets were stolen by the Lazarus Group, affiliated with North Korea. Less than a week later, on February 25, CEO Ben Zhou announced an ambitious counteroffensive: a reward program to tackle the perpetrators. What does this entail, and what does it mean for Bybit and the crypto market? Let’s unravel this.
The attack targeted Bybit’s Ethereum cold wallet: liquid-staked Ethereum (stETH), Mantle Staked ETH (mETH), and other ERC-20 tokens worth $1.4 billion were seized. Blockchain researcher ZachXBT quickly pointed to the Lazarus Group, a notorious North Korean hacker organization. Within two days, Bybit reported on February 23 that it had replaced the stolen crypto, with Zhou assuring that customer funds were “100% 1:1 covered” through bridge loans and its own reserves.
But Zhou went further. In a post on X on February 25, he called for a “war on Lazarus” and launched a reward website. Anyone who locates stolen funds and helps freeze them can claim 5% of the recovered crypto – up to 10% according to the site, with a potential maximum of $140 million. He said:
“We have a team maintaining and updating this site. We won’t stop until Lazarus and other malicious actors in the industry are gone. Soon we will also open this to other victims of Lazarus.”
This is not a standard bug bounty – it’s an open challenge to a state-supported group. Companies sometimes offer rewards to appease hackers and avoid legal trouble, but Zhou’s call for “elimination” of Lazarus is unusually combative. It may show Bybit’s determination, but it could also be a risk: does this make the exchange a bigger target for future revenge actions from Lazarus?
Lazarus is no small player. Between 2017 and 2023, the group reportedly stole more than $3 billion in crypto, with Bybit’s $1.4 billion being the biggest hit ever – far above the $600 million Ronin Bridge hack of 2022. But PeckShield reported in January 2025 that crypto hacks in 2024 yielded $3 billion, a decrease from 2022, with fewer incidents towards the end of the year. This suggests that security is improving, although phishing and exploits such as the one in Bybit’s case remain costly.