On February 21, 2025, the cryptocurrency exchange Bybit suffered a major hack in which attackers stole approximately $1.4 billion, making it the largest theft in cryptocurrency history.
How the Hack Happened
The attack targeted Bybit’s cold wallet, which is used for secure offline storage of users' assets. The hackers exploited vulnerabilities in the process of transferring Ethereum from the cold wallet to a warm one. They altered the transaction details, redirecting the funds to their own addresses. The stolen funds were then rapidly moved across multiple wallets and laundered through various protocols, making them difficult to track.
Immediate Aftermath: Panic and Withdrawals
The scale of the attack caused panic among Bybit users. Over 350,000 customers tried to withdraw their assets, fearing further breaches. Despite this, Bybit assured users that their funds were safe. Bybit’s CEO, Ben Zhou, emphasized the company's ability to cover the losses with reserves and the 1:1 backing of client assets.
Who's Behind the Attack? The Lazarus Group Connection
Immediately after the incident, blockchain sleuth ZachXBT and the blockchain analysis firms Arkham Intelligence and Elliptic began tracking the stolen assets. Their findings point to the notorious Lazarus Group, a North Korean state-sponsored hacking organization known for major crypto heists. Previous attacks by this group used similar manipulation of smart contracts and rapid movement of funds.
The Bybit incident raises serious concerns about the security of cryptocurrency platforms and emphasizes the need for improved protective measures. It highlighted critical vulnerabilities that must be addressed to prevent such attacks in the future.