On February 21, 2025, one of the world's leading cryptocurrency exchanges, Bybit, suffered an unprecedented attack. Hackers stole approximately $1.4 billion worth of digital assets, making it the largest cryptocurrency heist in history.
How the Hack Happened
The attack targeted Bybit’s cold wallet, the offline storage used to protect users’ assets from online threats. Hackers exploited vulnerabilities during a routine transfer of Ethereum (ETH) from Bybit’s cold wallet to a warm wallet used for daily operations. They gained access to the signing mechanism, which allowed them to alter transaction details without detection. Hackers also manipulated smart contracts, redirecting funds to their address. The stolen ETH was rapidly transferred across multiple wallets and laundered using different protocols, making it difficult to trace.
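A defensive check for the failure described above, where transaction details are altered between planning and signing. This is an added example, not code from Bybit or from this article: each signer compares the payload presented for signature against the transfer planned out of band. The field names, the allowlist, the value ceiling and the use of SHA-256 in place of the chain's real signing hash are all assumptions.

```python
import hashlib
import json

FIELDS = ("to", "value", "data", "nonce")   # assumed fields a signer approves
WARM_WALLETS = {"0x" + "11" * 20}           # constructed placeholder address
MAX_VALUE_WEI = 50_000 * 10**18             # assumed per-transfer ceiling

def normalise(tx):
    """Keep only the fields a signer approves, in a canonical form."""
    out = {k: tx[k] for k in FIELDS}
    out["to"] = out["to"].lower()
    out["data"] = out["data"].lower() or "0x"
    return out

def digest(tx):
    """SHA-256 over canonical JSON; a stand-in for the chain's signing hash."""
    blob = json.dumps(normalise(tx), sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(blob.encode()).hexdigest()

def review(intended, presented, shown_digest):
    """Return reasons to refuse to sign; an empty list means the request passes."""
    want, got = normalise(intended), normalise(presented)
    problems = []
    # The digest displayed to the signer must be the digest of the payload itself.
    if digest(presented) != shown_digest:
        problems.append("digest shown to signer does not match payload")
    # The payload must be exactly the transfer that was planned out of band.
    changed = [k for k in FIELDS if want[k] != got[k]]
    if changed:
        problems.append("payload differs from planned transfer: " + ", ".join(changed))
    # Policy checks that hold even if the planning record was itself tampered with.
    if got["to"] not in WARM_WALLETS:
        problems.append("destination is not an approved warm wallet")
    if got["data"] != "0x":
        problems.append("plain ETH transfer carries contract call data")
    if got["value"] > MAX_VALUE_WEI:
        problems.append("value exceeds per-transfer ceiling")
    return problems

# Constructed sample: the planned cold-to-warm transfer and an altered payload.
PLANNED = {"to": "0x" + "11" * 20, "value": 1_000 * 10**18, "data": "0x", "nonce": 7}
ALTERED = dict(PLANNED, to="0x" + "22" * 20, data="0xabcdef")

if __name__ == "__main__":
    print(review(PLANNED, PLANNED, digest(PLANNED)))
    for reason in review(PLANNED, ALTERED, digest(ALTERED)):
        print("REFUSE:", reason)
```

The comparison is only useful when the planned transfer and the digest are obtained on a device independent of the interface that presents the signing request.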
Immediate Aftermath: Panic and Withdrawals
The scale of the attack was so massive that it triggered a panic among Bybit users. Over 350,000 customers rushed to withdraw their assets, fearing further security breaches. Despite this, Bybit assured users that their funds remained secure. Bybit’s CEO, Ben Zhou, quickly addressed the situation: "Bybit is solvent even if this hack loss is not recovered; all client assets are 1:1 backed; we can cover the loss." This reassured investors, as Bybit holds over $20 billion in customer assets.
Who’s Behind the Attack? The Lazarus Group Connection
Blockchain sleuth ZachXBT and analysis firms Arkham Intelligence and Elliptic were immediately involved in tracking the stolen assets. Their findings point to the notorious Lazarus Group, a North Korean state-sponsored hacking organization known for its sophisticated cyberattacks on cryptocurrency platforms. The group has been linked to major crypto heists, including the Ronin Bridge ($625M) and Horizon Bridge ($100M) hacks. The tactics used in the Bybit hack match the Lazarus Group’s previous attack patterns.
The Bybit hack raises serious concerns about the security of even the most advanced cryptocurrency platforms. Despite Bybit’s robust security measures, hackers managed to breach its systems and steal a record-breaking amount. The security of cold wallets is also being questioned, highlighting the need for improved multi-signature and real-time monitoring systems.