Bybit Returns 47,800 ETH ($114M) Borrowed From a Whale/Institution After the Recent Hack

The blockchain analytics company Lookonchain confirmed that Bybit returned approximately 47,800 ETH, a market value of around $114 million, to a whale or institution. The exchange returned the funds after its cold wallet fell victim to a significant security breach last week.

Background of the Hack

The exchange suffered a major security attack on February 21, 2025, which led to the unauthorized transfer of 401,346 ETH, valued at $1.13 billion, from a cold wallet. 

Bybit explained that attackers successfully deceived its Ethereum multi-signature (multi-sig) cold wallet system. By modifying fundamental smart contract logic, the hackers gained full ownership over the wallet. Then, the hackers were able to transfer all wallet funds to unexpected destinations.

In an announcement after the breach, the platform provided users with reassurance about their deposit safety.

Returning the 47,800 ETH

The transfer of 47,800 ETH worth $113.97 million was recorded in blockchain records between Bybit: Cold Wallet (0x88a) and Binance Deposit (0x667). A major transfer of funds from Bybit demonstrates that the exchange has fulfilled its debt obligations to the whale/institution thus restoring market stability.

Hours before the transaction, Bybit fully reinstated the funds it had originally borrowed from Bitget. During this transaction, the exchange returned 40,000 ETH, which is valued at $99.98 million, to Bitget.

Market Implications and Outlook

The hackers’ true intentions about the stolen ETH cannot be determined. However, news is circulating about the link between the Bybit and Phemax hacks, showing that the same entity carried out both hacks. These security breaches are thought to have been carried out by North Korean hackers known as the Lazarus group. 

The exchange’s fast fund replacement and its clear investigation of the attack managed to reduce the instant damage to their operations.

Bybit demonstrates financial stability by maintaining operational stability in the majority of exchange functions which enhances user confidence. The crypto community is observing whether Bybit can recover stolen funds after this breach while rebuilding client confidence through its enhanced security measures.