On February 21, 2025, Bybit, one of the largest cryptocurrency exchanges, suffered an unprecedented hack. Hackers stole approximately $1.4 billion, marking it as the largest cryptocurrency heist in history.
How the Hack Happened
The attack targeted Bybit’s cold wallet used for secure storage of assets. Hackers exploited vulnerabilities during a routine Ethereum transfer from the cold to the warm wallet. They accessed the signing mechanism, altered transaction details, and manipulated smart contracts to redirect funds to their address. The stolen ETH was quickly transferred across multiple wallets, making it hard to trace.
Immediate Aftermath and Reactions
The scale of the attack sparked panic among Bybit users: over 350,000 customers rushed to withdraw their assets. Despite this, Bybit assured that their funds remained secure. Bybit's CEO, Ben Zhou, emphasized that the exchange remains solvent and all client assets are backed 1:1.
Suspicions Towards the Lazarus Group
Tracking and analysis of the stolen assets indicate involvement of the notorious Lazarus Group from North Korea. They are known for using sophisticated techniques in cryptocurrency platform attacks and are linked to previous large-scale heists.
The Bybit hack raises serious questions about the security of even the most advanced crypto platforms. Despite measures in place, hackers managed to steal a record amount, highlighting the need to reassess current security systems.
