The globally renowned cryptocurrency exchange Bybit recently suffered a massive hack, resulting in a staggering loss of $1.5 billion. Just as CEO Ben Zhou signed off on a transfer of 30,000 ETH, the CFO called to inform him that the entire wallet had been emptied by hackers, with over 400,000 ETH stolen. The incident quickly sent shockwaves through the crypto community, with widespread speculation about whether Bybit would collapse or even “exit scam.”

However, Ben Zhou chose to face the crisis head-on. Within 40 minutes, he went live to transparently explain the situation to global users, emphasizing that Bybit held $3 billion in stablecoin reserves and could fully cover the losses. He even encouraged users to withdraw funds to prove that Bybit maintained a 1:1 asset reserve, showcasing strong liquidity.

In a recent interview with the popular YouTube channel When Shift Happens, Ben Zhou publicly shared the details of how he handled the crisis for the first time and offered his insights on the future of the crypto industry.

Hack Details: 400,000 ETH Vanished—Where Was the Security Vulnerability?

Ben Zhou revealed that the hacked wallet was Bybit’s Ethereum cold wallet, which held approximately 410,000 ETH. When he received the call from the CFO, he initially thought only 30,000 ETH had been transferred. However, upon hearing that the “entire wallet” had been drained, resulting in a $1.5 billion loss, he was utterly shocked.

Ben Zhou’s First Reaction When the Hack Occurred

Ben Zhou received the call from the CFO at 10 PM on a Friday night and immediately sensed bad news. The CFO usually communicated via messages, so a direct call was already a red flag. When he answered, he heard not only the CFO’s voice but also members of the security team on the line, confirming his suspicion: “This is likely a hack.”

Just before the call, he had signed off on a transfer of 30,000 ETH, so his first thought was to calculate the value of that amount. However, before he could finish, the CFO said in a trembling voice, “Ben, it’s bad.” Feeling uneasy, Ben Zhou asked, “Were we hacked?” The CFO replied, “Yes.”

Ben Zhou pressed further: “Did we lose all 30,000 ETH?”

The CFO’s voice shook even more: “It’s worse than that. It looks like the entire cold wallet was hacked.”

At this point, Ben Zhou felt a wave of tension. He asked, “The entire wallet? How much was in it?”

The CFO responded, “Around 400,000 to 410,000 ETH.”

Still processing the numbers, Ben Zhou asked, “How much is that in USD?”

When the CFO said, “$1.5 billion,” Ben Zhou felt a sinking feeling in his stomach and began to sweat. He recalled signing off on a transaction just 30 minutes earlier, which had already felt off, but now the gravity of the situation hit him fully.

However, he knew there was no time to panic or dwell on the loss. The only thing that mattered was how to respond to the crisis. He told himself, “This is not the time to worry about losses or consequences. I need to focus and make decisions now.”

Within about 10 seconds, he calmed himself down and began asking critical questions to ensure he could formulate a response plan with a full understanding of the situation.

Key Question 1: How Did the Hackers Breach the System?

Ben Zhou immediately asked the security team, “How did this attack happen?”

The team responded, “We believe the hackers exploited the transaction you just signed, which led to the compromise of the entire cold wallet.”

Key Question 2: Are Other Wallets Safe?

Realizing that if one wallet was compromised, others might also be at risk, Ben Zhou asked, “What about our other wallets? Are they still secure?”

The security team replied, “We’ve confirmed that only this specific wallet was attacked. The others remain safe.”

Still, Ben Zhou pressed further: “Are you 100% sure? This answer will directly impact my next decisions.”

After repeated confirmations, the team assured him, “Only this cold wallet was compromised. Other assets are unaffected.”

This led Ben Zhou to consider whether the entire Bybit system had been breached or if the issue was limited to a third-party cold wallet vulnerability. He asked, “What technology does this hacked cold wallet use?”

The team responded, “It’s a Gnosis Safe wallet. Our Ethereum cold wallets have always used this technology.”

This made Ben Zhou wonder: “Is there a vulnerability in Gnosis Safe itself? If so, all companies using this technology could be at risk.”

Key Question 3: What Other Funds Are Safe?

Ben Zhou needed to know if Bybit still had enough funds to continue operations. He asked the CFO, “What other wallets do we have, and how much is in them?”

The CFO replied, “We have a stablecoin (USDT) wallet with $3 billion.”

Ben Zhou immediately asked, “Is the $3 billion confirmed safe?”

After repeated confirmations, the security team assured him, “Yes, the $3 billion is safe.”

This answer gave him some relief, as it meant Bybit still had sufficient capital reserves to handle the crisis.

Key Question 4: Can the Company Absorb the Loss?

After confirming the safety of the remaining assets, Ben Zhou asked, “Can we cover the $1.5 billion loss with our own funds?”

The CFO responded, “Yes.”

This answer was a turning point for Ben Zhou, as it meant:

• Bybit was not on the verge of bankruptcy, and customer assets remained safe.
• He did not need to seek external investors to cover the loss.
• The crisis was still within his control.

When the CFO said “yes,” Ben Zhou finally took a deep breath and felt confident: “We can get through this.”

Entering Command Mode: Full Crisis Response

After confirming the scope of the loss and the remaining funds, Ben Zhou immediately shifted into command mode:

1. Notified Bybit’s Chief Operating Officer (COO) to activate the internal crisis response mechanism (P-1 emergency protocol).
2. Initiated a public relations strategy to prevent market panic.
3. Arranged fund allocation to replenish the Ethereum reserves and maintain the 1:1 asset backing.
4. Developed a follow-up action plan to ensure Bybit could weather the storm.

The entire process took just 10 seconds of冷静思考, followed by swift decision-making and action.

Ben Zhou described it as: “Those 10 seconds of decision-making determined whether Bybit would survive.”

The Root Cause: Gnosis Safe Vulnerability

The main issue behind the hack was Bybit’s reliance on the Gnosis Safe cold wallet solution, a widely used multi-signature smart contract system in the industry. Despite Bybit’s internal security team implementing the strictest protections, the hackers still found a way in.

Ben Zhou admitted that Bybit would now fully transition to an internally developed cold wallet solution, eliminating reliance on third-party technologies to ensure fund security.

Immediate Response: How Bybit Prevented a “Bank Run”

Faced with this sudden crisis, Ben Zhou decided to allow all users to freely withdraw funds while quickly securing temporary loans to cover the ETH shortfall. This decision broke the industry norm of “suspending withdrawals” after a hack and earned Bybit high praise.

He emphasized, “Our assets are 1:1 backed. The only issue was the stolen ETH, but we have enough stablecoins and Bitcoin to cover the gap.”

Bybit collaborated with institutional investors to replenish all ETH within 72 hours, restoring 100% reserves and stabilizing market confidence.

Industry Reaction: Bybit vs. FTX—Transparency as the Key

When news of the hack broke, many immediately drew parallels to the 2022 collapse of FTX. However, Bybit’s crisis management stood in stark contrast to FTX’s chaos. Ben Zhou’s swift transparency, open withdrawals, and assurance of user asset safety earned Bybit even more trust from its users.

In the When Shift Happens interview, he stated, “This incident will define Bybit’s next decade. We must demonstrate professionalism and transparency to prove we can overcome this crisis.”

Launching the Hack Bounty Platform

The hack prompted Bybit to invest resources in tracking hacker funds and helping the broader crypto industry combat malicious actors. Ben Zhou announced the upcoming launch of HackBounty.crypto, the world’s first transparent platform dedicated to tracking hacker funds.

How HackBounty Works:

1. Hacker Fund Tracking: The platform collects all blockchain transaction data related to hackers, helping victims trace fund flows.
2. Ranking and Alert System: Lists which exchanges, bridges, or mixers “assisted” hackers in laundering funds and monitors their response times.
3. Bounty System: Users can register as “bounty hunters” and submit leads on hacker funds. Successful recoveries are rewarded.

Ben Zhou stated, “Blockchain’s transparency is our greatest weapon. We will use it to fight hackers. This isn’t just about helping Bybit—it’s about helping the entire industry.”

Future Development: How Bybit Will Rise from the Crisis

Despite the short-term impact of the hack, Ben Zhou views it as a victory in a larger battle—he not only saved Bybit but also demonstrated how an exchange can remain stable during a crisis.

Key takeaways from the incident include:

• Strengthening Cold Wallet Security: Bybit will fully adopt internally developed wallet solutions to avoid third-party dependencies.
• Enhancing Asset Management Strategies: Funds will be distributed across multiple wallets to ensure liquidity even if one is compromised.
• Building a Hacker Tracking Ecosystem: Through HackBounty, the global community can participate in tracking hacker funds, improving industry security.

This incident once again proves that in the crypto world, transparency and trust are paramount. Bybit’s rapid response showcased the responsible attitude a leading exchange should have.

“We will not fall. This incident has only made us stronger,” Ben Zhou concluded in the interview.