Bybit Guide

Understanding the LazarusBounty Program: How to Join Bybit’s Initiative Against Lazarus Group

Beginner
Bybit Guide
26 Feb 2025

What Happened

On Feb 21, 2025, at 02:16 PM UTC, an exploiter breached one of Bybit’s Ethereum cold wallets, siphoning out $1.4 billion worth of ETH, stETH, cmETH and mETH. Hackers used a sophisticated phishing attack to change smart contract logic during a routine ETH transfer from Bybit’s cold wallet to a hot wallet.

According to the independent investigator ZachXBT the stolen funds are linked to the Lazarus Group (allegedly run by North Korea’s government), who were involved in previous high-profile exploits involving the Phemex and BingX cryptocurrency exchanges.

EN_2409-T35020_Learn_Read_to_Earn_728x90.png

Enhanced Bounty Rewards Program

The entire crypto community has thus far played a major part in Bybit’s swift and effective response. From efforts by on-chain investigators, such as ZachXBT, Arkham Intelligence, Beosin, TRM Labs, Halborn and others — who helped shed light on the addresses used by Lazarus Group and the flow of funds — to support from other industry players like Tether, Bitget, MEXC, DWF Labs and countless others, the crypto industry has rallied together in a sign of unity.

Bybit announced an enhanced Recovery Bounty Program that’s now offering a 10% reward for successful recovery of the missing funds. 

Furthermore, Bybit has also released a new API which will update a blacklist of suspicious wallet addresses that have been identified as being linked to Lazarus Group. Through a collaborative effort, the API aims to help security experts and investigators in their efforts to track and recover hacked funds.

How to Participate in the Fund Recovery Program

Individuals and organizations interested in participating in the LazarusBounty Program can contact us via email at bounty_program@bybit.com.

What Is the LazarusBounty Program?

LazarusBounty is an industry-first bounty platform that’s specifically targeting the funds that have been illegally moved by the alleged North Korean state-backed Lazarus Group in the Bybit exploit.

The LazarusBounty program was launched in response to the unprecedented security breach on February 21, 2025.

The LazarusBounty Program aims to incentivize the crypto community to track, trace and freeze the stolen funds. The platform emphasizes full transparency, providing real-time data, live rankings and tools to expose and disrupt the money-laundering operations of the Lazarus Group. It’s a collaborative effort to hold hackers accountable and secure digital assets, with future plans to expand support to other victims of the Lazarus Group.

Ben Zhou, Bybit’s CEO, emphasized transparency as a key weapon against cybercrime, stating that "Bybit will not stop until Lazarus Group or bad actors in the industry are eliminated.” The Bybit platform aims to ensure each transaction is visible, and that every hacker is held accountable.

How Does the LazarusBounty Program Work?

LazarusBounty.png

Source: LazarusBounty

The LazarusBounty Program offers a 10% reward on recovered funds, distributed as follows:

  • Five percent (5%) for freezing funds: All participants involved in the freezing process — whether bounty hunters, exchanges, mixers or other platforms will receive 5% of the frozen amount. This incentivizes cooperation across the ecosystem to block the movement of illicit funds.

  • Five percent (5%) for tracing funds: Individuals or entities who successfully trace the illegally moved funds by submitting verified reports or identifying wallet addresses linked to the Lazarus Group will receive 5% of the recovered amount. This reward is paid instantly upon confirmation of the traced funds. 

Rewards are automatically disbursed upfront once the funds are frozen, ensuring quick and fair compensation for contributors.

The total bounty for the current exploit is $140 million, with over $4.2 million awarded to five bounty hunters at the time of this writing (Feb 25, 2025).

LazarusBounty also seeks to encourage exchanges, mixers and other industry players to act swiftly against sanctioned transactions, publicly ranking “good actors” who cooperate and “bad actors” who facilitate illicit activities, thereby setting a new standard for blockchain security.

How Users Can Participate in the LazarusBounty Program

Anyone can join this initiative as a “bounty hunter” by following the steps outlined below: 

  1. Connect Your Wallet: Users must connect their crypto wallets via LazarusBounty in order to participate. This allows them to submit reports and track their contributions. 

  2. Trace and Report Funds: Participants can use the platform’s live API updates, which provide real-time wallet address information — from exchanges, Chainalysis, Arkham, Elliptic and TRM Labs — to identify and trace the movement of stolen funds linked to the Lazarus Group. Users submit bounties by reporting suspicious transactions and/or wallet activities. 

  3. Earn Rewards: If a submitted bounty leads to the freezing of stolen funds, the bounty hunter receives an instant 5% reward for tracing, and an additional 5% is shared among all participants (including exchanges and mixers) involved in the freezing process. 

  4. Monitor Rankings: Users can track their progress and standing on the platform’s live leaderboard, which ranks “bounty hunters” based on verified reports, reported funds and frozen funds. They can also view the “good actors” and “bad actors” list, ensuring accountability across the crypto industry. 

  5. Provide Feedback: Bybit encourages users to leave comments and suggestions on the platform (or via social media) to help improve LazarusBounty. Version 2 is already in development and will include real-time wallet tracking, open bounties, and regulator tools.

By participating, users not only have the chance to earn rewards, but also to contribute to the broader mission of eliminating crypto crime and protecting the blockchain ecosystem from malicious actors like the Lazarus Group.

Skinny_Banner-1600x400.webp

Conclusion

This incident serves as a powerful testament to the cryptocurrency industry's capacity for unity and resilience in the face of adversity. The crypto community’s collective response underscores Bybit’s long-standing positive reputation and strong relationships within the industry.

Moreover, recovering these funds is crucial — and not just for Bybit. The U.S. Department of the Treasury has reported that the cryptocurrencies stolen by Lazarus Group were being used in part to fund North Korea’s growing nuclear weapons and ballistic missile programs.

The involvement of the Lazarus Group highlights a major industry challenge — cyberattacks by sophisticated state-sponsored hackers that threaten the entire crypto ecosystem. By uniting to combat this breach, the crypto community will not only showcase its ability to fight back against such threats but also set a precedent for future cooperation.

#LearnWithBybit