In one of the most dramatic responses to a cryptocurrency heist in history, Bybit has launched a global initiative offering up to **$140 million in rewards** for help tracking and freezing assets stolen during a massive cyberattack attributed to the North Korean hacking group Lazarus. The exchange, reeling from an estimated $1.4 billion breach, is taking an unprecedented step by opening its investigation to the public — inviting crypto users, analysts, and security experts worldwide to become “bounty hunters” in a coordinated effort to dismantle the attackers’ financial pipeline.
This bold move marks a turning point in how the crypto industry responds to large-scale thefts, combining transparency, community engagement, and financial incentives to fight back against sophisticated cybercriminals.
The Largest Crypto Heist in History
On a Friday in February 2025, Bybit suffered what is now considered the largest single crypto theft ever recorded. Approximately $1.4 billion worth of digital assets were siphoned off by hackers linked to Lazarus Group, a state-sponsored cybercrime syndicate known for high-profile attacks on exchanges and blockchain networks.
Within hours, Bybit confirmed the breach and began coordinating with blockchain security firms and law enforcement agencies. But instead of relying solely on traditional forensic methods, CEO Ben Zhou announced a radical new strategy: launching a public-facing bounty platform dedicated to tracking every movement of the stolen funds.
"We are at war with Lazarus," declared Zhou in a tweet on February 25, 2025. "This is the first fully transparent bounty site that aggregates real-time data on sanctioned money laundering activities."
👉 Join the global effort to trace stolen crypto assets and earn rewards for your contributions.
A Transparent Bounty System Like No Other
Bybit’s newly launched platform allows anyone to participate in the investigation by connecting their digital wallets and analyzing transaction flows across blockchains. The system provides real-time visibility into over 6,338 wallet addresses associated with Lazarus’ laundering operations.
The reward structure is designed to incentivize both detection and action:
- 5% reward (up to $70 million) for individuals or entities that assist in tracing and identifying stolen funds.
- An additional 5% reward (another $70 million) for exchanges, mixers, or custodial services that successfully freeze or recover assets.
This dual-tier bounty model ensures that both intelligence gatherers and enforcement actors are compensated — creating a powerful ecosystem of cooperation across the decentralized space.
As of the latest update, approximately $42.3 million — about 3% of the total stolen amount — has already been frozen thanks to early interventions.
How You Can Help Track the Hackers
Participation is straightforward but requires technical awareness:
- Visit the official bounty site (operated by Bybit).
- Connect your Web3 wallet securely.
- Analyze fund flows using provided analytics tools.
- Submit actionable intelligence on suspicious transactions or wallet clusters.
- Earn rewards if your input leads to successful fund freezing.
The platform uses advanced on-chain analysis powered by blockchain forensics partners to verify contributions and ensure only valid claims are rewarded.
Ben Zhou emphasized that this isn’t just about recovering funds — it’s about setting a precedent.
“We’ve formed a dedicated team that will continuously update this platform. We won’t stop until Lazarus and all bad actors in our industry are eradicated.”
He also revealed plans to open the platform to other victims of Lazarus attacks, potentially turning it into an industry-wide defense mechanism against future breaches.
Why This Response Matters for Crypto Security
Historically, major hacks have often ended in partial or total loss of funds, with little recourse for recovery. The Mt. Gox collapse, Coincheck theft, and Ronin Network breach all saw millions vanish into opaque laundering chains — many of which were later linked to Lazarus.
Bybit’s proactive approach shifts the paradigm:
- Full transparency: Real-time dashboards show where stolen funds are moving.
- Community-powered defense: Leverages global expertise beyond internal teams.
- Economic disincentive for criminals: Public tracking increases risk for money launderers.
This model could become a blueprint for how crypto organizations respond to threats — not with silence or PR damage control, but with open warfare.
Frequently Asked Questions
What is the total bounty offered by Bybit?
Bybit is offering up to **$140 million** in bounties — equivalent to 10% of the $1.4 billion stolen. Half goes to those who help trace the funds, and half to those who freeze or recover them.
Who is behind the attack on Bybit?
The attack has been attributed to the Lazarus Group, a North Korea-linked hacker collective responsible for numerous high-profile cyberattacks on financial institutions and blockchain platforms since 2017.
Can anyone participate in tracking the stolen funds?
Yes. The bounty program is open to the public. Anyone can connect their wallet and contribute insights. However, technical knowledge of blockchain analytics improves effectiveness.
Has any money been recovered so far?
Yes. As of the latest report, approximately $42.3 million has been frozen across various wallets used by the attackers — roughly 3% of the total stolen amount.
How does Bybit verify who deserves a reward?
Submissions are analyzed using blockchain forensics tools and cross-referenced with freezing events. Only verifiable contributions that lead directly to fund recovery will be rewarded.
Will this platform be used for future attacks?
Bybit plans to expand the platform beyond this incident. It may serve as a shared resource for other projects targeted by Lazarus or similar threat actors.
A New Era of Decentralized Defense
The Bybit breach underscores the ongoing risks in the digital asset space — but its response offers hope. By embracing radical transparency and crowd-sourced intelligence, the exchange is proving that the crypto community can fight back collectively.
This isn’t just about recovering lost funds; it’s about sending a message: attacks on decentralized ecosystems will be met with unified resistance.
As more participants join the hunt — from individual analysts to major exchanges — the pressure mounts on cybercriminals who once operated in near-total anonymity.
👉 Learn how you can turn blockchain analysis skills into real-world impact and rewards.
With over 6,300 malicious addresses already mapped, and recovery efforts underway, this campaign could redefine how we think about security in Web3. In a world where code is law, perhaps accountability must also be open-source.
For now, the hunt continues — and the clock is ticking for Lazarus.