Methodology
How ByBitHacked.com sources, verifies, and date-stamps every factual claim about the February 2025 ByBit hack and the exchange's recovery.
Why methodology matters here
Coverage of a live exchange hack is an environment rich in speculation, rumour, and motivated actors — scammers impersonating the exchange, anonymous "insider" accounts, short-sellers, and state-affiliated disinfo. A single unsourced tweet can move millions in withdrawals. This page exists so readers, auditors, and answer engines can see exactly how we turn raw information into a published claim.
The five-step verification process
Identify the claim type
Every claim on this site is classified as one of five types: confirmed fact (on-chain data, court filings, formal law-enforcement attribution), ByBit public statement (CEO post, company blog, Proof of Reserves portal), third-party attribution (ZachXBT, Elliptic, Chainalysis, TRM Labs), third-party audit (Hacken and others), or analysis (our own or named others). Each class carries a different verification bar and is labelled as such in the copy.
Locate primary source
We link to the primary source, not a re-report of it. "CoinDesk said the FBI said…" is not a primary source; the IC3 advisory is. "The Block reported that Hacken found…" is not a primary source; the Hacken audit PDF is. If the primary source is behind a paywall or taken down, we say so and link a cached / archived copy.
Cross-check against at least one independent source
Numbers — amounts stolen, bounty size, recovery percentages, reserve ratios — must match across at least two independent sources before they are published as facts. Where they do not match, we publish a range and label it as an estimate. On-chain quantities are preferred over fiat conversions, since the fiat value changes daily.
Date-stamp and attribute
Every claim carries a date and a citation. We do not publish undated quantities ("ByBit has recovered a lot" — what does "a lot" mean, on what date?), and we do not publish anonymous insider quotes without an on-the-record corroborating source. Each page carries a prominent "last reviewed" date.
Review and correct
Pages are reviewed on a rolling basis whenever a primary source updates. When a figure changes — e.g. recovery rate, bounty payouts, reserve ratios — the page is updated in place, the dateModified JSON-LD field is advanced, and the "last reviewed" date is updated at the top and bottom. Substantive factual corrections are logged openly on the affected page. Stylistic edits are not logged.
Primary source table
| Class | Source |
|---|---|
| Law enforcement | FBI Internet Crime Complaint Center (IC3) public advisories — Feb 26, 2025 attribution of the hack to TraderTraitor / Lazarus Group. |
| ByBit official | ByBit corporate blog (bybit.com/en/blog), CEO Ben Zhou's verified X account, ByBit Proof of Reserves portal (bybit.com/en/proof-of-reserves). |
| On-chain forensics | ZachXBT's public Telegram + X threads, Arkham Intelligence labelled addresses, Etherscan transaction receipts, Elliptic and TRM Labs public reports. |
| Security audits | Hacken audit reports on ByBit's post-hack architecture; any other named third-party audits when published. |
| Press corroboration | CoinDesk, The Block, Decrypt, Cointelegraph — used to cross-check dates and quotes, not as primary sources in their own right. |
What we don't publish
- Anonymous "insider" tips without on-the-record corroboration.
- Private DMs shared without consent.
- Speculation about future events presented as fact — forecasts are labelled as such.
- Sponsored posts or paid placements of any kind. The only commercial element on this site is the disclosed ByBit affiliate link.
- AI-generated opinion pieces. AI may be used as a research assistant or draft tool, but every piece of copy is reviewed, edited, and signed off by the named human editor.
Affiliate and independence
This site uses a disclosed ByBit affiliate link. The affiliate relationship does not influence editorial content. Specifically: (a) we still cover criticism of ByBit's response openly, (b) we still carry the full Mt. Gox / FTX / Celsius comparison table including unfavourable data, and (c) we reserve the right to drop the affiliate arrangement entirely if ByBit's security, solvency, or conduct materially deteriorates. Readers can verify this by comparing our coverage against non-affiliated independent reporting on the same events.