Bybit, the second largest cryptocurrency exchange in the world by trading volume, has announced an extensive overhaul of its security infrastructure following a devastating cyberattack that occurred on February 21.
On that occasion, the exchange fell victim to a 1.4 billion dollar hack, which primarily involved ERC-20 tokens, liquid staking Ether, and Mantle Staked ETH (mETH).
The incident marked one of the most serious security breaches in the history of the crypto sector. To respond to the attack, Bybit initiated a multi-pronged strengthening plan, aiming to prevent future attacks and restore user trust.
A three-phase security plan for Bybit
In the month following the attack, Bybit completed as many as nine security audits , involving both its internal team and independent experts.
These checks have led to the implementation of 50 new security measures, aimed at strengthening the vulnerable points that emerged during the attack.
According to what was stated by the company on June 4, the revision plan is based on three fundamental pillars: safety controls, wallet fortification, and improvements in information management.
On the hardware front, Bybit has made significant improvements to the protocols of cold wallets, introducing a new operational procedure that involves constant supervision by security experts during every phase of wallet management.
Furthermore, the calcolo multilaterale has been adopted, a technology that allows for advanced protection of cryptographic keys, reducing the risk of compromise.
The moduli di sicurezza hardware have been consolidated to ensure an even higher level of protection.
Bybit has obtained the ISO/IEC 27001 certification, an international standard for information security management.
The exchange has also stated that it will encrypt all internal and external communications, including customer data, to ensure the highest confidentiality and integrity of the information.
Despite the extent of the attack, Bybit has managed to almost completely restore the previous liquidity levels.
A key role in this process was played by the LazarusBounty initiative, a program launched to trace the stolen funds and encourage community collaboration.
As of today, over 2.3 million dollars in rewards have been distributed through this program, which continues to monitor the movements of the stolen tokens.
Liquidity Rebound on Bitcoin and Altcoins
According to a report by Kaiko, the market depth of Bitcoin on Bybit — measured within 1% of the price — returned to a daily average of 13 million dollars just 30 days after the attack.
Altcoin liquidity has also shown signs of recovery, albeit at a slower pace: market depth for the top 30 altcoins by capitalization has recovered over 80% of pre-hack levels.
A determining factor in the stabilization of liquidity has been the use of Retail Price Improvement (RPI) orders, a feature designed to attract institutional liquidity.
These orders have helped maintain stable market conditions during times of heightened tension, improving price efficiency and offsetting the temporary reduction of non-RPI liquidity.
Bybit emphasized that, in addition to strengthening the technical infrastructure, it is necessary to address a new generation of cyber threats.
According to a spokesperson for the exchange, the hackers are shifting their focus from protocol exploits to human errors, which are now considered the weakest link in the security chain.
Modern attacks are increasingly sophisticated, with cybercriminals posing as grandi brand o protocolli noti, deceiving users and operators through social engineering techniques.
The code is no longer the main target
Ronghui Gu, co-founder of the blockchain security company CertiK, has confirmed this trend, explaining that the attack vectors are evolving.
This means that it is no longer the smart contracts or the blockchain infrastructure that represent the weak point, but the human behavior.
This new reality requires a paradigm shift in cybersecurity: it is not enough to lock down the code, it is necessary to educate and train users to recognize and prevent increasingly sophisticated fraud attempts.
With the implementation of in-depth audits, new protection technologies, international certifications, and an active fund recovery program, Bybit has demonstrated a rapid and structured response to one of the most serious crises in its history.
The recovery of liquidity and transparency in communications with users are clear signals of the exchange’s willingness to regain the trust of the market and strengthen its position in a sector increasingly exposed to complex threats.
In an ever-evolving crypto landscape, the case of Bybit serves as a warning for the entire ecosystem: security is never final, and resilience is built with constant investments, innovation, and awareness.
