On February 21, 2025, the Bybit cryptocurrency exchange faced an unprecedented attack, losing approximately $1.4 billion in digital assets.
How the Hack Happened
The attack targeted Bybit’s cold wallet, the offline storage used to protect users’ assets from online threats. According to reports, hackers exploited vulnerabilities during a routine transfer of Ethereum (ETH) from Bybit’s cold wallet to a warm wallet. They gained access to the cold wallet’s signing mechanism, which allowed them to alter transaction details undetected. Bybit’s system displayed a legitimate address, but the underlying contract logic had been tampered with, so the funds were redirected to the hackers’ address. The stolen ETH was then quickly distributed across multiple wallets and laundered using different protocols.
Immediate Aftermath: Panic and Withdrawals
The scale of the attack sparked panic among Bybit users. Over 350,000 customers rushed to withdraw their assets, fearing further security breaches. Despite this, Bybit assured users that their funds remained secure.
Who's Behind the Attack? The Lazarus Group Connection
Blockchain sleuth ZachXBT and firms Arkham Intelligence and Elliptic quickly became involved in tracking the stolen assets. Their findings point to the notorious Lazarus Group, a North Korean state-sponsored hacking organization known for sophisticated cyberattacks on cryptocurrency platforms. The group has been linked to major crypto heists, including the Ronin Bridge ($625M) and Horizon Bridge ($100M) hacks.
The Bybit hack raises serious concerns about the security of even the most advanced cryptocurrency platforms. Despite Bybit’s robust security measures, hackers managed to breach its system and steal a record-breaking amount. This underscores the need for stronger protective measures in the future.