Bybit’s market share has rebounded to pre-hack levels following a $1.4 billion exploit in February, as the crypto exchange implements tighter security and improves liquidity options for retail traders.
The crypto industry was rocked by its largest hack in history on Feb. 21 when Bybit lost over $1.4 billion in liquid-staked Ether (stETH), Mantle Staked ETH (mETH) and other digital assets.
Despite the scale of the exploit, Bybit has steadily regained market share, according to an April 9 report by crypto analytics firm Block Scholes.
“Since this initial decline, Bybit has steadily regained market share as it works to repair sentiment and as volumes return to the exchange,” the report stated.
Block Scholes said Bybit’s proportional share rose from a post-hack low of 4% to about 7%, reflecting a strong and stable recovery in spot market activity and trading volumes.
Bybit’s spot volume market share as a proportion of the market share of the top 20 CEXs. Source: Block Scholes
The hack occurred amid a “broader trend of macro de-risking that began prior to the event,” which signals that Bybit’s initial decline in trading volume was not solely due to the exploit.
Related: Can Ether recover above $3K after Bybit’s massive $1.4B hack?
It took the Bybit hackers 10 days to launder all the stolen Bybit funds through the decentralized crosschain protocol THORChain, Cointelegraph reported on March 4.
Source: Ben Zhou
Despite efforts, 89% of the stolen $1.4 billion was traceable by blockchain analytics experts.
Related: THORChain generates $5M in fees, $5.4B in volume since Bybit hack
Lazarus Group’s 2024 pause was repositioning for Bybit hack
Blockchain security firms, including Arkham Intelligence, have identified North Korea’s Lazarus Group as the likely culprit behind the Bybit exploit, as the attackers have continued swapping the funds in an effort to render them untraceable.
Illicit activity tied to North Korean cyber actors declined after July 1, 2024, despite a surge in attacks earlier that year, according to blockchain analytics firm Chainalysis.
The slowdown in crypto hacks by North Korean agents had raised significant red flags, according to Eric Jardine, Chainalysis cybercrimes research Lead.
North Korean hacking activity before and after July 1. Source: Chainalysis
North Korea’s slowdown “started when Russia and DPRK [North Korea] met for their summit that led to a reallocation of North Korean resources, including military personnel to the war in Ukraine,” Jardine told Cointelegraph during the Chainreaction show on March 26, adding:
“So, we speculated in the report that there might have been additional things unseen in terms of resources reallocation from the DPRK, and then you roll forward into early February, and you have the Bybit hack.”
https://t.co/jOlqMt4Hag
— Cointelegraph (@Cointelegraph) March 26, 2025
The Bybit attack highlights that even centralized exchanges with strong security measures remain vulnerable to sophisticated cyberattacks, analysts said.
The attack shares similarities with the $230 million WazirX hack and the $58 million Radiant Capital hack, according to Meir Dolev, co-founder and chief technical officer at Cyvers.
Magazine: Trump’s crypto ventures raise conflict of interest, insider trading questions
Be the first to comment