Reinforced Wallet Systems and Hardware Controls
Cryptocurrency exchange Bybit has taken significant steps to upgrade its security infrastructure after suffering a cyberattack in February that resulted in the loss of over $1.4 billion worth of digital assets. The breach targeted staked Ether variants and a range of ERC-20 tokens, marking it as one of the most impactful hacks in the industry’s history.
In response, the platform introduced tighter safeguards around how it handles and stores crypto holdings. Bybit enhanced the way it manages cold wallets—which are offline storage solutions—by implementing multi-layered access protocols. These now require joint approval from multiple parties before any transaction can be authorised, ensuring no individual can move assets unilaterally.
According to Countelegraph, the company has also upgraded its physical security systems by centralising and reinforcing the hardware modules that secure wallet keys. These enhancements were designed to raise the bar for how sensitive cryptographic materials are protected against intrusion.
Image 1: Bybit (Source: Unsplash)
Information Security and System Certifications
Beyond wallet protections, Bybit has focused on broader information security practices across its operations. It has secured ISO/IEC 27001 accreditation, an internationally recognised standard for managing information security risks, and has overhauled its internal data processes to meet this framework.
Customer and staff communications are now encrypted to prevent any interception of sensitive details. This includes both stored data and real-time exchanges across the platform’s infrastructure. These changes aim to limit exposure in case of future security incidents and reflect a commitment to safeguarding client information.
Ronghui Gu, co-founder of blockchain security firm CertiK, commented that attackers have shifted their tactics, focusing more on tricking people than on breaking into software systems. This shift has influenced how companies like Bybit approach staff training and protocol development.
Liquidity Recovery and Market Resilience
Despite the scale of the breach, Bybit reports that it has regained most of its pre-attack liquidity levels.
The company credits part of this bounce-back to its Retail Price Improvement (RPI) function, which helps attract institutional activity by offering improved pricing for larger trades. Bybit used this feature actively during the recovery period to help keep trading stable while other sources of liquidity were strained.
Ben Zhou, the chief executive officer of Bybit, said the team worked quickly to restore platform stability and regain trader confidence. He stated that the RPI mechanism played an important role during a period when traditional liquidity sources had temporarily reduced activity.
Image 2: (Source: Finance Magnates)
Pursuit of Stolen Funds
Alongside its technical upgrades, Bybit has continued efforts to trace and recover the stolen crypto. The company launched an initiative known as the LazarusBounty, encouraging individuals to share actionable intelligence. As part of this program, Bybit has distributed over $2.3 million in rewards to contributors who assisted with tracking down funds or identifying suspicious activity.
While details of ongoing investigations have been kept limited, the bounty program remains active and serves as a long-term tool for potential recovery. The company said it plans to continue using both internal forensics and community support to trace the movement of stolen assets.
Read Also: Crypto Crime Violence: The Dark Reality of Digital Wealth
A spokesperson from Bybit noted that many recent attacks, including this one, appear to involve complex methods such as impersonating reputable services or brands in order to trick users or staff. This has reinforced the importance of awareness training and stricter internal controls.
While Bybit’s recovery was rapid in technical and financial terms, the firm has recognised that digital threats continue to evolve. The adjustments made in response to the February attack shows a shift in the company’s broader security strategy—one that now puts equal weight on system hardening, staff training, and operational discipline.
