Bybit Returns to India After Compliance Hurdle and Major Hack

In the wake of regulatory challenges and a record-breaking cyberattack, cryptocurrency exchange Bybit has found itself at the center of two major industry developments. The exchange recently secured registration with Indian authorities, allowing it to resume operations in the country after a compliance-related suspension. At the same time, Bybit is actively responding to a $1.4 billion hack attributed to the North Korea-linked Lazarus Group. 

Bybit Resumes Operations in India After Government Registration, Overcomes Historic $1.4B Hack

Cryptocurrency exchange Bybit has officially registered with Indian government authorities, marking a significant milestone in its compliance efforts within the country. This development comes after the exchange was fined by India’s Financial Intelligence Unit (FIU) on Jan. 31 for violating the Prevention of Money Laundering Act (PMLA). As of Feb. 25, Bybit has restored all services to users in India, signaling its renewed commitment to operating within the country’s regulatory framework.

Bybit had initially suspended its services in India weeks before receiving the fine, citing concerns about compliance with local regulations. According to the FIU report, Bybit continued expanding its operations in the Indian market without obtaining the necessary registration, leading to a 9.27 crore rupee ($1.06 million) penalty. The persistent non-compliance ultimately prompted the FIU to block access to Bybit’s website under the Information Technology Act, effectively halting its operations in India.

With its new registration, Bybit has now taken the necessary steps to align with Indian regulatory requirements, enabling it to resume business in one of the world’s largest cryptocurrency markets.

Bybit’s return to India also shows the exchange’s broader commitment to regulatory adherence. With over 60 million users worldwide and operations in 1,174 markets, Bybit is a major player in the crypto trading space, making its compliance efforts in key jurisdictions vital for its long-term success.

Bybit’s regulatory victory in India follows one of the most significant security breaches in cryptocurrency history. On Feb. 21, 2025, just days before the exchange resumed operations in India, it fell victim to a devastating hack by the North Korean-affiliated Lazarus Group. The attack resulted in the theft of over $1.4 billion worth of Ether (ETH)-related tokens, making it the largest crypto theft ever recorded.

The breach exposed critical security vulnerabilities in centralized exchanges, with analysts highlighting the increasing sophistication of cybercriminal tactics in the crypto industry. Cybersecurity experts noted that the attack demonstrated the use of highly creative exploits, posing a growing challenge for even the most advanced security systems.

Bybit’s Recovery and Financial Stability

Despite the scale of the attack, Bybit swiftly responded to the crisis. By Feb. 22, an independent audit confirmed that the exchange still had more reserves than liabilities, ensuring the safety of user funds. However, the impact on Bybit’s assets was significant, with a reported $5.3 billion drop due to the hack and subsequent withdrawals.

Bybit CEO Ben Zhou reassured users that the exchange had stabilized. On Feb. 22, he announced that withdrawals had returned to a normal pace, and the platform had successfully addressed the immediate aftermath of the security breach. In a public statement, Zhou expressed gratitude for the support received from the crypto community, stating, “Within 24 hours of the event, we were overwhelmed with support from some of the best people and organizations in the industry, and we do not take it for granted. We have shared in a dark moment of crypto history.”

Bybit’s ability to navigate both regulatory and security challenges shows its resilience as a leading global cryptocurrency exchange. Its successful re-entry into the Indian market positions it for potential growth in a country with a rapidly expanding crypto user base, despite ongoing regulatory uncertainties.

The exchange’s handling of the Lazarus Group hack also demonstrates its ability to withstand major security breaches while maintaining financial stability. Moving forward, Bybit will likely intensify its security protocols to prevent future attacks and reinforce trust among its users.

As the crypto industry continues to evolve, exchanges like Bybit must balance regulatory compliance, security enhancements, and user confidence to thrive in an increasingly scrutinized and competitive landscape. Whether Bybit’s recent challenges serve as a learning experience or a harbinger of further struggles remains to be seen, but its latest developments shed light on the high stakes involved in the world of digital assets.

Bybit CEO Declares War on Hackers After $1.4 Billion Crypto Heist

In related news, less than a week after one of the largest hacks in cryptocurrency history, Bybit’s co-founder and CEO Ben Zhou has vowed to take decisive action against the perpetrators. The cryptocurrency exchange is now mobilizing efforts to track down and recover the stolen funds.

In a Feb. 25 post on X, Zhou urged the crypto community to rally behind Bybit in a campaign against the North Korea-affiliated hacking group known as Lazarus. As part of this initiative, Bybit has launched a dedicated bounty website that offers financial rewards for those who help intercept illegally moved funds.

“We have assigned a team to maintain and update this website, and we will not stop until Lazarus and bad actors in the industry are eliminated,” said Zhou. “In the future, we will open it up to other victims of Lazarus as well.”

According to the bounty program, individuals who freeze stolen assets will be entitled to a 5% reward, while those who successfully recover funds will receive a 10% bounty—potentially amounting to as much as $140 million.

Renowned blockchain security investigator ZachXBT identified Lazarus as the orchestrator of the Feb. 21 breach, which resulted in the theft of significant sums of liquid-staked Ether (stETH), Mantle Staked ETH (mETH), and other ERC-20 tokens. Bybit responded on Feb. 23, stating that it had fully replaced the stolen crypto and that client assets were back to 100% 1:1 reserves.

While some firms opt to negotiate with hackers and offer them bounties in exchange for the return of stolen assets, Zhou’s aggressive stance signals a shift in how major exchanges handle cyber threats. Bybit’s call for a coordinated effort to combat the Lazarus Group could potentially make it a target for future attacks, heightening the need for advanced security measures.

A Growing History of Crypto Heists Linked to North Korea

North Korean-backed hackers have been responsible for stealing over $3 billion from cryptocurrency exchanges between 2017 and 2023, according to security reports. The Bybit breach stands as the most costly single exploit in the industry’s history, surpassing the infamous $600 million Ronin Bridge hack in 2022.

Despite such alarming figures, blockchain security firm PeckShield reported in January 2024 that the number of hacks and scams has been declining since 2022. The firm attributed this trend to increased security awareness and improved defenses within the crypto ecosystem. However, phishing scams remain a significant threat, with billions lost to fraudulent schemes in recent years.

The Bybit hack serves as a stark reminder of the persistent security challenges in the crypto space. While the exchange’s quick action to replace stolen assets demonstrates financial resilience, the broader implications of such an attack cannot be ignored. Industry leaders may need to reassess existing security protocols, strengthen defense mechanisms, and explore collaborative initiatives to mitigate the risks posed by state-sponsored cybercriminals.

With Bybit now leading the charge against Lazarus, the crypto community will be watching closely to see whether the bounty initiative yields results—or if further security breaches will test the industry’s ability to combat increasingly sophisticated cyber threats.