On February 21, 2025, the cryptocurrency exchange Bybit suffered an unprecedented breach in which hackers stole approximately $1.4 billion in cryptocurrency.
How the Hack Happened
The attack targeted Bybit's cold wallet, which is typically used to protect users' assets from online threats. Hackers exploited vulnerabilities during a transfer of Ethereum from Bybit's cold wallet to a warm wallet used for daily operations. They gained access to the cold wallet's signing mechanism, which allowed them to alter transaction details undetected and redirect the funds to an address they controlled.
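One defensive control against altered transaction details is to decode the exact bytes about to be signed and compare them with a transfer that was approved independently. The sketch below is an added example, not code from Bybit or from the original article. It assumes an unsigned legacy Ethereum transaction, and all function names, addresses and amounts are constructed for illustration.

```python
# Added example: check the raw bytes to be signed against an approved transfer.

def rlp_decode(data, pos=0):
    """Decode one RLP item at pos. Returns (bytes or list, next position)."""
    b = data[pos]
    if b < 0x80:                                   # a single byte encodes itself
        return data[pos:pos + 1], pos + 1
    is_list = b >= 0xc0
    short_base, long_base = (0xc0, 0xf7) if is_list else (0x80, 0xb7)
    if b <= long_base:                             # length is in the prefix byte
        start, size = pos + 1, b - short_base
    else:                                          # length is in the next n bytes
        n = b - long_base
        start, size = pos + 1 + n, int.from_bytes(data[pos + 1:pos + 1 + n], "big")
    end = start + size
    if end > len(data):
        raise ValueError("truncated RLP")
    if not is_list:
        return data[start:end], end
    items = []
    while start < end:
        item, start = rlp_decode(data, start)
        items.append(item)
    if start != end:
        raise ValueError("list item overruns its list")
    return items, end

def sample_unsigned_tx(to):
    """Constructed sample: nonce 7, 20 gwei, gas 21000, 1 ETH, no data, chain id 1."""
    body = (b"\x07" + b"\x85" + (20 * 10**9).to_bytes(5, "big")
            + b"\x82" + (21000).to_bytes(2, "big") + b"\x94" + to
            + b"\x88" + (10**18).to_bytes(8, "big") + b"\x80" + b"\x01\x80\x80")
    return bytes([0xc0 + len(body)]) + body

def mismatches(raw_tx, approved):
    """Name each field where the bytes to be signed differ from the approved transfer."""
    try:
        fields, end = rlp_decode(raw_tx)
    except (ValueError, IndexError):
        return ["undecodable payload"]
    if end != len(raw_tx) or not isinstance(fields, list) or len(fields) != 9 \
            or any(isinstance(f, list) for f in fields):
        return ["not a 9-field unsigned legacy transaction"]
    seen = {"to": fields[3], "value_wei": int.from_bytes(fields[4], "big"),
            "data": fields[5], "chain_id": int.from_bytes(fields[6], "big")}
    return [k for k in approved if seen[k] != approved[k]]

WARM = bytes.fromhex("11" * 20)  # constructed placeholder for the approved warm wallet
APPROVED = {"to": WARM, "value_wei": 10**18, "data": b"", "chain_id": 1}
```

A signer would refuse to sign whenever `mismatches` returns a non-empty list. The approved transfer has to come from a channel that does not share the system that prepared the payload.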
Immediate Aftermath: Panic and Withdrawals
The scale of the attack triggered panic among Bybit’s users. Over 350,000 customers rushed to withdraw their assets, fearing further breaches. Nonetheless, Bybit's CEO, Ben Zhou, assured users that their funds remained secure as all client assets are 1:1 backed.
Who’s Behind the Attack? The Lazarus Group Connection
Investigations by blockchain analysts have pointed to the notorious Lazarus Group as potential culprits. This North Korean group is known for targeting cryptocurrency platforms, and their previous attack methods align with the current breach.
The Bybit hack highlights significant concerns about the security of even the most advanced cryptocurrency platforms. Despite robust measures, the hackers managed to penetrate the system and steal a record-breaking amount, reminding cryptocurrency companies to continuously enhance their security protocols.