Key takeaways

  • Ben Zhou acted immediately upon learning about the $1.5-billion hack, taking charge within 30 minutes and providing real-time updates to reassure users.
  • Zhou maintained open communication through frequent X posts and a two-hour livestream, ensuring stakeholders stayed informed and confident.
  • Despite the crisis, Bybit continued offering withdrawals and other services, processing over 350,000 withdrawal requests within 12 hours.
  • Bybit secured emergency funding and maintained a 1:1 asset reserve to protect customer funds.

Crises have the power to make or break leaders. In many ways, they are like fire, revealing the true strength of individuals — much like fire reveals real gold. Ben Zhou, co-founder and CEO of Bybit, faced the biggest challenge of his life when Bybit, the crypto exchange he set up in 2018, suffered a staggering $1.5 billion hack on Feb. 21, 2025, the largest security breach in crypto history to date.

In Zhou’s own words, he was informed of the hack at 10 pm local time. Rather than retreating to bed after a long day at work, Zhou spent the longest night of his life confronting the devastating blow. He held numerous meetings, responded to stakeholders, and coordinated with law enforcement agencies to manage the crisis. 

Zhou’s swift response, transparency and strategic crisis management helped the platform navigate the initial shock. While Zhou insists he didn’t have the time to let the enormity of the loss sink in, he has shown the tenacity to deal with the crisis and not crumble under pressure.

But how did Zhou handle the crisis, and what does his leadership reflect? This article dives into how Zhou tackled this unprecedented challenge.

Zhou’s immediate response to the Bybit hack

Within 30 minutes of the incident, Zhou quickly took charge, reaching out to the community on X. He then hosted a comprehensive, two-hour livestream an hour later, providing real-time updates and detailed explanations.

Bybit, under Zhou’s leadership, displayed resilience and professionalism in the aftermath of the most significant cryptocurrency breach in the history of crypto. The exchange responded in a swift and transparent manner, ensuring that there was no panic among the depositors. He assured clients in a Feb. 21 X post, stating all client assets are 1:1 backed. 

Zhou assures customers about the safety of their funds

On Feb. 21 and 22, Zhou made a series of X posts, keeping the stakeholders informed about how the exchange was responding to the challenge. Consistent communication on his part made the investors feel reassured.

Zhou stressed that the exchange was functional despite the hack: “All Bybit functions and product remain functional, the Whole team had been awake all night to process and answer client questions and concerns. ALL hands on DECK rest assured, we are here with you.”

Zhou informed all Bybit products were functional despite the hack

Zhou’s communication was natural and reflected sincerity. It gave the impression that Bybit was as much a victim as any other depositor yet was working to ensure no one lost their money or faced inconvenience. In one of his X posts, he explained how he, along with the Bybit team, worked overnight to respond to the queries of the depositors. 

Zhou's community reflected his sincerity in solving crisis

To evaluate Zhou’s efficiency in the aftermath of the hack, it’s important to first understand the expectations placed on a CEO during times of crisis and determine whether Zhou met those expectations.

Did you know? To rebuild its reserves, Bybit successfully acquired approximately 446,870 Ether (ETH), valued at about $1.23 billion, representing nearly 88% of the $1.4 billion lost. This was achieved through loans, large investor deposits and asset purchases, as reported by Lookonchain.

How should a CEO act when a crisis occurs?

When a crypto exchange has suffered a cyberattack or any other emergency, the CEO, as the ship’s captain, is expected to respond quickly and decisively to stabilize the situation.  

They are expected to have draft responses to such emergencies and a war chest to prevent the disruption of the company’s operations. In the event of a hack, they are expected to quickly analyze the problem with their team, activate the incident response team, and maintain effective communication with stakeholders.  

After the initial response, the CEO must consistently work with cybersecurity professionals, legal teams and law enforcement as needed. Transparency and regular updates to customers, investors and employees are essential for maintaining trust. To avoid repeating such incidents, the CEO must review security, evaluate corporate policy, and oversee damage control. 

Did you know? ZachXBT, a crypto investigator, attributed the Bybit exploit to North Korea’s Lazarus Group and was rewarded with a 50,000-ARKM (ARKM) token bounty for his discovery.

Zhou’s crisis management capabilities after the Bybit hack

The devastating hack on Bybit has placed Zhou’s leadership under intense scrutiny. Beyond the immediate impact of the financial loss, the incident has triggered widespread discussion regarding the efficacy of Bybit’s security protocols and the responsiveness of its management. 

Here is an analysis of Zhou’s handling of the crisis, examining the decisions made, the communication strategies employed and the overall impact of his management on the company’s reputation and the broader cryptocurrency market:

Continuance of services

Despite the crisis, Zhou ensured that the exchange’s operations continued seamlessly. Uninterrupted withdrawals (contingent upon network congestion), Bybit’s products and services and constant access to support and relationship managers allayed the depositors’ fears and sustained the exchange’s reputation.

Within 12 hours after the hack was discovered, the exchange had processed over 350,000 withdrawal requests. Customers had access to their relationship managers. Their withdrawal system had returned to its normal pace, enabling the depositors to pay any amount without delays. 

Bybit processed all withdrawals within 12 hours of the hack

Industry support

Zhou’s extensive network paid off when the cryptocurrency industry presented a unified stance with Bybit, highlighting a collaborative spirit within the sector. Prominent exchanges blacklisted the wallet addresses, delaying further transfer of the misappropriated assets to an extent. In addition, rival exchanges joined hands with Bybit in a critical situation to act as a cohesive force against the hackers. 

Securing emergency funding

Bybit obtained around 447,000 Ether (ETH) tokens through emergency funding from firms such as Galaxy Digital, FalconX and Wintermute. Bybit borrowed 40,000 ETH from Bitget to ensure withdrawals continued uninterrupted. Within three days of borrowing, the exchange repaid the loan. 

Did you know? Ben Zhou, CEO of Bybit, used an X post on Feb. 25, 2025, to rally user support in a “war against Lazarus,” the North Korea-linked group that had stolen funds from Bybit on Feb. 21.

Conducting independent proof-of-reserves audit

To ensure transparency, cybersecurity firm Hacken conducted a proof-of-reserves audit. The audit confirmed that Bybit had fully replenished its reserves, showing that all major assets, including Bitcoin (BTC), ETH, Solana (SOL), Tether’s USDt (USDT) and USD Coin (USDC), were backed by more than 100% in collateral.

Fund protection

The scale of the hack notwithstanding, Bybit managed to stick to a 1:1 reserve guarantee, which ensured the safety of client assets. Zhou assured the customers that Bybit possessed the financial capability to absorb the loss and remain financially sound. While the hack financially hit Bybit hard, it underlined the exchange’s strong financial position. 

Collaboration with law enforcement

To address the hack, Zhou cooperated closely with the regulators and law enforcement agencies. This helped the exchange put up a swift and efficient response and demonstrated how crypto companies and government agencies can work together to handle such incidents. Such collaboration has set an example regarding the mutual support of industry and law enforcement in the future. 

Did you know? From 2017 to 2023, hackers linked to North Korea have reportedly stolen cryptocurrency valued at more than $3 billion from various exchanges.

Regular updates

Zhou released regular updates regarding the status of the stolen funds. On Feb. 21, the day of the hack, Zhou posted on X how hackers had managed to steal funds.

Hackers managed to change the smart contract logic of Bybit's ETH cold wallet

On Feb. 25, more than 11,000 wallets associated with the Bybit hackers were identified by Elliptic, a blockchain analytics firm.

Elliptic shared real-time Bybit exploit data

On March 4, Zhou provided an update on the stolen funds, informing that $280 million had gone dark, while $1.07 billion remained trackable as investigators raced to freeze assets.

Zhou released regular updates about the stolen funds

Zhou also declared a “war against Lazarus” and initiated a global bounty program to recover the stolen funds. The initiative offered rewards of up to 10% for information leading to the freezing of the illicit assets. 

Who is Ben Zhou?

Ben Zhou, co-founder and CEO of Bybit, was born in Hangzhou, China. He moved to New Zealand at 11, where he completed his secondary education. He later pursued higher studies in the US, earning a bachelor’s degree in economics from Earlham College in 2010. Before venturing into the cryptocurrency industry, Zhou amassed significant experience in the financial sector. He served as the Greater China region manager at XM, an international forex brokerage firm, from 2010 to 2017.

Zhou’s introduction to blockchain technology in 2016 sparked a keen interest in the field, leading him to delve into cryptocurrency trading and education. Recognizing a gap in user awareness, Zhou launched a YouTube channel and utilized WeChat to educate audiences about cryptocurrencies, amassing around 20,000 followers.

In 2018, Zhou founded Bybit. Under his leadership, the exchange saw remarkable growth, becoming one of the world’s largest cryptocurrency platforms. By July 2024, Bybit had amassed over 37 million users globally.

Zhou’s interest in crypto education is reflected in his establishment of the Bybit Learn Academy, which educates the community on various trading philosophies and strategies, including margin trading, risk management, and technical and fundamental analysis.

Under Zhou’s leadership, Bybit has demonstrated corporate social responsibility through partnerships, such as with UNICEF, to empower girls’ education in East Asia and the Pacific, making a Bitcoin donation worth $400,000 in its flagship World Series of Trading 2021. 

From Bybit’s breach to Zhou’s resilience

Zhou’s strong leadership, clear communication and quick actions helped Bybit rebuild user trust and improve security. His experience in the crypto industry, along with smart decision-making, kept the platform stable despite the challenge. 

By focusing on protecting customer funds and strengthening cybersecurity, Zhou proved his ability to manage crises effectively. In the event of the hack, Zhou’s approach emphasizes the importance of accountability and efficient crisis management.