$1.46 billion worth of ETH was stolen from Bybit Exchange. Fund reserves and custody are very important!

  • Major Security Breach: Bybit Exchange suffered a $1.46 billion ETH theft on February 21, as reported by on-chain detective ZachXBT, marking one of the largest crypto hacks in recent history.
  • Market Impact Minimal: Despite the breach, the crypto market remained stable, supported by Bybit's $16.2 billion reserves (covering 8.64% of stolen funds) and $4 billion in post-incident inflows from institutions like Bitget and MEXC.
  • Key Takeaways:
    • Reserves Critical: Bybit's sufficient reserves and transparent audits helped mitigate panic, enabling uninterrupted withdrawals and trust.
    • Custody Flaws Exposed: Hackers exploited social engineering via front-end UI vulnerabilities, bypassing multi-signature/cold wallet safeguards. SlowMist cited compromised internal devices as a factor.
    • Regulatory Focus: The EU MiCA Act and Hong Kong SFC emphasize reserve adequacy (e.g., 12-month liquid assets) and custody standards (98% cold storage, third-party audits).
  • Industry Lessons:
    • Platforms must enhance front-end security, decentralize storage, and enforce strict internal device controls.
    • Regulators should mandate insurance, cross-jurisdictional recovery protocols, and real-time incident disclosure.
  • Expert Insight: Attorney Mankiw highlights reserves and custody as foundational but urges proactive measures against evolving attack vectors like intranet infiltration.

(Summary adheres to guidelines: markdown-formatted, no titles, under 800 words.)

Summary

Author of this article: Iris, Bai Qin Lawyer

The cryptocurrency market has been turbulent recently. The MEME market was turbulent some time ago, and a large number of Web3 users suffered heavy losses. Recently, the protagonist has become the well-known virtual asset exchange Bybit. According to the monitoring of the on-chain detective ZachXBT, Bybit had a suspicious fund outflow of more than 1.46 billion US dollars at midnight on February 21. Subsequently, ZachXBT confirmed that the incident was a security incident.

$1.46 billion worth of ETH was stolen from Bybit Exchange. Fund reserves and custody are very important!

*Image source: ZachXBT TG Channel

With such a huge amount of stolen funds, some people predict that the incident may have a significant negative impact on the virtual asset market. However, according to CoinMarketCap data, the overall market sentiment index has not fluctuated significantly.

$1.46 billion worth of ETH was stolen from Bybit Exchange. Fund reserves and custody are very important!

This phenomenon is due to support from many aspects:

  • After the incident, Bybit CEO issued statements several times, saying that the stolen funds would not affect the security of customer assets; its financial audit also proved that Bybit had sufficient reserves to cover user assets; at the same time, Lookonchain tweeted that according to CoinMarketCap data, Bybit had US$16.2 billion in reserve assets before being hacked, and the stolen funds accounted for only about 8.64%.

  • Many institutions and individuals have deposited funds into Bybit to support Bybit through the current difficulties, including Bitget, MEXC and several whales. According to statistics from SoSoValue and the latest monitoring data from the on-chain security team TenArmor, 12 hours after the security incident, Bybit's capital inflow exceeded US$4 billion, covering all the stolen funds losses.

Judging from the current situation, this security incident is developing in a positive direction. In this regard, lawyer Mankiw believes that the asset reserve and custody of virtual assets obviously played a key role in this incident. This is why both the EU MiCA Act and the Hong Kong SFC's latest virtual asset market supervision roadmap have put forward important and clear regulations on this.

The core significance of capital reserves

In fact, when regulators in major countries and regions around the world began to guide and supervise virtual asset trading platforms, asset reserves were the key basis for evaluating whether a trading platform was capable of providing trading services. The Bybit hacking incident once again reminded the industry and regulators of the important role of asset reserves in ensuring platform stability, responding to emergencies and enhancing market trust.

So, what is capital reserve and what core role does it play in virtual asset trading platforms?

In the virtual asset market, capital reserves are emergency funds pools that enable trading platforms to maintain normal operations when facing market fluctuations, hacker attacks or liquidity crises. Its core function is not only to provide liquidity guarantees for the platform, but also to ensure the solvency of the platform when a crisis occurs, so that user funds can be compensated in a timely manner. For example, in this hacking incident, the Bybit platform not only responded to the potential trust crisis through sufficient capital reserves, but also continued to support customers' withdrawal needs, avoiding large-scale market panic or user runs.

Therefore, the reserve fund management of virtual asset trading platforms must comply with industry compliance requirements to ensure that they can continue to operate normally when a crisis occurs.

Generally, the size of a virtual asset platform's reserve fund is determined by the platform's trading volume, customer asset size, and potential risk assessment. However, according to regulatory frameworks such as the Hong Kong Securities and Futures Commission (SFC) and the EU MiCA Act, virtual asset trading platforms should not only maintain sufficient capital reserves, but also meet a series of specific compliance standards.

For example, in the application of the Hong Kong Securities and Futures Commission (SFC) to VATP, it is required that:

  • A virtual asset trading platform must maintain a paid-up share capital of not less than HK$5 million;

  • The platform should hold sufficiently liquid assets, such as cash, deposits, treasury bills and certificates of deposit (but excluding virtual assets), in an amount at least equal to the platform operator’s actual operating expenses for 12 months calculated on an ongoing basis;

  • The platform must also maintain liquid capital, which usually refers to assets that can be converted into cash immediately or in a relatively short period of time, such as cash and short-term deposits. Liquid capital should be at least equal to the platform's total debt basis to ensure timely repayment in the event of a crisis;

  • Ensure that in the event of theft or loss of funds, the platform can still provide 1:1 support to customers.

At the same time, virtual asset trading platforms must also ensure the adequacy of capital reserves through independent third-party audits and disclose their financial status to regulators on a regular basis. The audit report should cover the amount, liquidity and risk management strategy of the reserve funds to ensure that they meet regulatory requirements. In addition, the platform also needs to transparently disclose the use of reserve funds so that regulators and market participants can assess the financial health of the platform.

Necessary rules for asset custody

Asset custody is an important mechanism used by virtual asset trading platforms to ensure the safety of customer funds. The platform uses management and technical means, such as multi-signature, cold wallet storage, and asset separation strategies, to achieve safe storage and independent management of customer funds to prevent funds from being stolen or abused. At the same time, asset custody also requires the platform to be able to transparently display the process of fund storage and management, so that investors and regulators can clearly understand how the platform manages customer assets.

Back to the Bybit security incident, some analysts pointed out that Bybit's fund custody method uses multi-signature and cold wallet storage, which is one of the industry's standard custody methods. But why are the assets still stolen? According to an article by the well-known security company SlowMist, the key reason for this incident is that hackers used social engineering attacks through front-end UI vulnerabilities to induce signers to sign malicious transactions on a forged interface. At the same time, SlowMist Technology's Chief Information Security Officer 23pds speculated that there must be more than one macOS or Windows computer that was controlled, and the attacker may have stayed in the intranet for some time and was able to monitor internal chats, transfer times and other information.

However, it is clear that Bybit also used a decentralized storage strategy for asset custody and effectively isolated most of the funds in this security incident, avoiding greater losses. In Bybit’s response, there is a similar description: only a single cold wallet fund was lost, and other cold wallets did not have any problems.

Asset custody can be regarded as the last line of defense for virtual asset trading platforms. Therefore, in addition to the most basic industry standards, regulators in some countries and regions have also established compliance standards for asset custody.

Still taking the regulatory framework of the Hong Kong Securities and Futures Commission (SFC) as an example, the core requirements are:

  • In terms of storage methods, virtual asset trading platforms need to ensure that customers' virtual assets are completely isolated from their own assets; ensure that 98% of customers' virtual assets are kept in cold storage; the storage and access methods and procedures of virtual assets meet security requirements, especially key management and the use of encryption technology; in addition, it is necessary to regularly disclose the specific management methods of escrow funds and make good information disclosure.

  • In terms of security, it is recommended to enhance the transparency and security of custody through real-time transaction monitoring and third-party independent audits; the platform must also provide sufficient safeguards to prevent asset loss or abuse; and technologies such as hardware security modules (HSM) can be used to manage and protect keys. The procedures for storing, using and destroying keys should be transparent and in line with industry standards.

At the same time, virtual asset trading platforms should regularly monitor and audit the security of customers' virtual assets, especially during the transfer and transaction of customer funds, and the platform should be able to prove its compliance with compliance requirements. In addition, the platform also needs to establish insurance and compensation arrangements to ensure that it can provide corresponding protection for customers' virtual asset losses.

In addition to their own asset custody, virtual asset trading platforms will also cooperate with third-party custodians for custody. For this, the SFC also has certain regulatory requirements, such as independence and compliance, asset isolation and protection, and corresponding security audits, technical standards, information disclosure and other requirements.

Attorney Mankiw's Summary

In the face of hacker attacks, sufficient reserves ensure the platform's solvency, while a perfect custody mechanism reduces the risk of customer funds.

However, this incident also exposed the platform's shortcomings in front-end security and internal risk management, indicating that relying solely on custody is not enough to completely prevent attacks. And this is not just an isolated case. In 2024, WazirX, Radiant Capital, and DMM also lost tens of millions or even hundreds of millions of dollars due to this method.

Therefore, Mankiw believes that virtual asset trading platforms need to strengthen security in the following aspects:

  • The platform must regularly conduct security audits and vulnerability repairs on the front-end system, especially on the signature operation interface involving fund transfers, to ensure that any signature request is strictly verified to prevent malicious forgery of transactions.

  • Prevent hackers from attacking through intranet penetration. Virtual asset trading platforms can implement strict management of employee devices, such as installing endpoint protection software, using VPN and two-factor authentication, to ensure corporate network security.

  • In addition to ensuring that customer assets are isolated from the platform's own funds, virtual asset trading platforms should adopt a decentralized storage strategy to reduce the risk of theft of a single cold wallet, while combining hardware security modules (HSM) and advanced encryption technology to strengthen key management.

For regulators, as security incidents continue to occur, they can refine the regulatory framework and standards in a more targeted manner in the future:

  • Further clarify the custody requirements of virtual asset platforms, especially the proportion of cold storage, technical standards for key management, and the platform's disclosure obligations on capital flows and reserves. In addition, it is necessary to introduce insurance mechanisms to enhance investor protection.

  • Platforms are encouraged to cooperate with licensed third-party custodians and strengthen cross-institutional information sharing within the regulatory framework to monitor the security status of platforms in a timely manner and prevent similar incidents from occurring.

  • For security incidents, emergency response standards can be implemented to improve the virtual asset trading platform's ability to handle security incidents, such as the shortest disclosure time for security incidents, asset recovery plans, and regular disclosure.

  • Establish a cooperation mechanism among law enforcement agencies and establish cross-jurisdictional asset freezing and recovery coordination procedures to increase the success rate of recovering hacker funds.

The security of fund reserves and custody is not only related to the operational stability of the platform, but also to the trust and healthy development of the entire industry. Therefore, virtual asset trading platforms and global regulators must work together to provide a more transparent and secure environment for the market by improving compliance standards and strengthening security measures.

Share to:

Author: 曼昆区块链

This article represents the views of PANews columnist and does not represent PANews' position or legal liability.

The article and opinions do not constitute investment advice

Image source: 曼昆区块链. Please contact the author for removal if there is infringement.

Follow PANews official accounts, navigate bull and bear markets together
Telegram Discussion Group
Telegram News Channel
@PANews
Recommended Reading
13 hour ago
14 hour ago
16 hour ago
17 hour ago
19 hour ago
2025-12-19 15:12

Popular Articles

Industry News
Market Trends
Curated Readings
Subscribe

Curated Series

App内阅读