On February 21, 2025, Bybit experienced a major cyber attack resulting in the theft of approximately $1.4 billion in digital assets, marking the event as the largest heist in cryptocurrency history.
How the Hack Happened
The attack targeted Bybit’s cold wallet—a secure offline storage intended to protect assets from online threats. Hackers exploited a vulnerability during a routine Ethereum transfer from the cold wallet to a warm wallet. They accessed the transaction signing process, allowing them to modify transaction details undetected. Furthermore, Bybit's system indicated a legitimate address; however, contract logic was tampered with to redirect funds to the hackers' accounts. The stolen funds were rapidly transferred across multiple wallets and laundered through various protocols, complicating traceability.
Immediate Aftermath and Company Reaction
The scale of the attack caused panic among Bybit users, with over 350,000 customers rushing to withdraw their assets. However, Bybit assured that all client funds remained secure. The company's CEO, Ben Zhou, quickly addressed the situation, emphasizing the measures being taken to cover losses. Bridge loans were secured to maintain platform stability.
Suspects and Future Actions
Investigations by ZachXBT and Arkham Intelligence suggest the involvement of the North Korean hacking organization Lazarus Group. Known for its participation in several major cyber heists, this collective's tactics mirrored those used in past attacks. In response, Bybit is working with law enforcement for fund recovery and has offered a reward for assistance in the investigation. Despite current challenges, Bybit continues to operate and is enhancing its security mechanisms.
The Bybit hack raises significant concerns about the security of even the most advanced cryptocurrency platforms. Despite existing protective measures, hackers managed to steal a substantial sum, prompting a reassessment of security technologies and crypto exchange interactions with decentralized protocols.
