In a shocking turn of events, cryptocurrency exchange Bybit has been hit by a massive hack, resulting in the theft of approximately $1.4 billion in Ethereum, believed to be the largest crypto heist in history. In response, the company is offering a staggering $140 million in bounties to anyone who can help trace and freeze the stolen funds.

Bybit's CEO and co-founder Ben Zhou announced the bounty in a post on X, stating that the company will not stop until the perpetrators, believed to be North Korean-backed hackers, are brought to justice. The bounty program is designed to incentivize individuals to help track down the stolen funds, with 5% of the recovered amount going to the person who traces the funds and 5% to the entity that freezes them.

At the time of writing, Bybit has already awarded $4.23 million in bounties to five bounty hunters who have successfully traced and frozen some of the stolen funds. The company's commitment to recovering the stolen funds is evident in its willingness to collaborate with the cybersecurity community and offer substantial rewards for assistance.

The hack is believed to be the work of Lazarus Group, a broad group of North Korean-backed hackers focused on cryptocurrency thefts. According to multiple security researchers and crypto security and monitoring firms, the North Korean government has become increasingly effective at targeting crypto exchanges and web3 companies, stealing a staggering $650 million in crypto in 2024 alone.

The preliminary results of the forensic investigation into the hack, led by Sygnia Labs and Verichains, have shed some light on the attack vector. The investigation concluded that the "root cause" of the attack was malicious code coming from the infrastructure of SafeWallet, a crypto wallet platform. The hackers breached a developer's device at SafeWallet, replacing a benign Javascript file with a malicious version specifically targeting Ethereum Multisig Cold Wallet of Bybit.

The incident highlights the ongoing threat posed by state-sponsored hackers to the cryptocurrency industry. As the industry continues to grow, it is essential for exchanges and wallet providers to prioritize security and collaborate with the cybersecurity community to prevent such attacks in the future.

Bybit's bold move to offer a massive bounty is a step in the right direction, demonstrating the company's commitment to recovering the stolen funds and bringing the perpetrators to justice. As the investigation continues, it remains to be seen whether the bounty program will be successful in tracing and freezing the stolen funds, but one thing is certain – the cryptocurrency industry will be watching closely.