Cryptocurrency exchange Bybit has lost around $1.5 billion following what it calls "the worst hack in history."

The Dubai-based firm said hackers stole the crypto from its Ethereum coin digital wallet, likely using a masked user interface (UI) to exploit security features and then transferring the money to an unidentified address.

The company’s founder Ben Zhou told users via social media platform X that their funds were safe and that the firm would provide a refund to those affected by the hack, either from its own capital or by taking on loans from its partners.

Around ten hours after the attack, Bybit said it was experiencing the largest numbers of withdrawals it had ever seen, with over 350, 000 withdrawal requests. The company has since confirmed that its deposits and reserves are back to normal.

Crypto investigator ZachXBT is leading the investigation into the Bybit hack and has attributed it to North Korea's Lazarus Group.

The company said the Lazarus Group has been linked to several major cryptocurrency thefts, including the $625 million Ronin Network heist and the $100 million Atomic Wallet breach.
Bybit said it has also reported the incident to appropriate authorities and is working with on-chain analytics providers to track the stolen funds.

As part of the investigation and recovery efforts, Bybit said it will pledge 10 per cent of recovered funds to reward ethical cyber and network security experts who play an active role in retrieving the stolen cryptocurrencies in the incident.

Bybit added that it would produce a full incident report as well as a security audit over the following few days.

Zhou promised to personally keep customers posted on any new updates.

“We are extremely grateful and simply overwhelmed with all the support that we got, Zhou said on X. “This was a truly tragic event for Bybit but the industry showed strength united together. I have faith that it's only up from now.”

---