On February 21, 2025, Bybit, one of the world's leading cryptocurrency exchanges, suffered an unprecedented security breach resulting in the theft of $1.4 billion in assets, marking it as the largest cryptocurrency heist in history.
How the Hack Happened
The attack targeted Bybit’s cold wallet, the offline storage used to protect users’ assets from online threats. Hackers exploited vulnerabilities during a routine transfer of Ethereum (ETH) from Bybit’s cold wallet to a warm wallet used for daily operations. They gained access to the signing mechanism of the cold wallet, which allowed them to alter transaction details without detection. The smart contract logic was manipulated so that the funds were redirected to the hackers’ address. The stolen ETH was then quickly moved across multiple wallets and laundered through different protocols.
Immediate Aftermath: Panic and Withdrawals
The scale of the attack triggered panic among Bybit users. Over 350,000 customers rushed to withdraw their assets, fearing further security breaches. However, Bybit CEO Ben Zhou assured users that the company remained solvent and that all client assets were backed 1:1. Bridge loans were secured to cover potential losses, and withdrawal requests were honored without delay.
Who’s Behind the Attack? The Lazarus Group Connection
Blockchain sleuth ZachXBT and analysis firms Arkham Intelligence and Elliptic were involved in tracking the stolen assets. Their findings point to the notorious Lazarus Group, a North Korean state-sponsored hacking organization known for its sophisticated cyberattacks on cryptocurrency platforms. The methods used in the Bybit hack match the Lazarus Group’s previous tactics, which points to the group’s involvement.
The Bybit hack raises significant concerns about the security mechanisms of cryptocurrency exchanges. Even the most advanced platforms are vulnerable to sophisticated cyberattacks. Users should expect increased regulatory scrutiny, while cryptocurrency companies need to enhance their systems to prevent future breaches.