On February 21, 2025, Bybit, one of the world's leading cryptocurrency exchanges, announced a breach of its system. Hackers stole approximately $1.4 billion worth of assets, making it the largest cryptocurrency heist in history.
How the Hack Happened
The attack targeted Bybit’s cold wallet, the secure offline storage used to protect users’ assets from online threats. Hackers exploited vulnerabilities during a routine transfer of Ethereum (ETH) from Bybit’s cold wallet to a warm wallet. They gained access to the cold wallet’s signing mechanism, which allowed them to alter transaction details without detection. Bybit’s system showed a legitimate address, but the underlying contract logic had been tampered with, redirecting funds to the hacker’s address.
Immediate Aftermath: Panic and Withdrawals
The scale of the attack triggered panic among Bybit users: over 350,000 customers rushed to withdraw their assets, fearing further security breaches. Despite this, Bybit assured users that their funds remained secure. Bybit’s CEO, Ben Zhou, quickly addressed the situation, stating: "*Bybit is solvent even if this hack loss is not recovered; all client assets are 1:1 backed; we can cover the loss.*" This statement reassured investors, as Bybit holds over $20 billion in customer assets. The company also secured bridge loans to cover potential losses and ensured withdrawal requests were honored without delay.
Who’s Behind the Attack? The Lazarus Group Connection
Blockchain sleuth ZachXBT and analysis firms Arkham Intelligence and Elliptic began tracking the stolen assets. Their findings point to the notorious Lazarus Group, a North Korean state-sponsored hacking organization known for its sophisticated cyberattacks on cryptocurrency platforms. In the past, the group has been linked to major crypto heists such as the Ronin Bridge and Horizon Bridge hacks. The tactics used, such as smart contract manipulation and rapid fund movement, match the Lazarus Group’s previous attack patterns. The stolen Ethereum was quickly moved across multiple wallets and swapped on decentralized exchanges, making it extremely difficult to recover.
The Bybit hack raises serious concerns about the security of even the most advanced cryptocurrency platforms. Despite Bybit’s robust security measures, hackers managed to breach its system and steal a record-breaking amount. This event serves as a critical lesson for the entire industry on the need for improved security measures and more securely implemented infrastructure.