The cryptocurrency world has been rocked by a massive security breach at Bybit, one of the largest crypto exchanges in the industry. In what is now being called the biggest crypto heist in history, hackers managed to steal approximately $1.5 billion worth of Ethereum from one of Bybit’s cold wallets. This incident surpasses previous major breaches, sending shockwaves across the crypto market and raising serious concerns about security measures in digital asset exchanges.
Bybit confirmed that the attack was highly sophisticated, involving manipulation of the signing interface used for transferring funds between wallets. The exchange stated that while their system displayed the correct recipient address, the underlying smart contract logic had been altered, allowing the attacker to divert funds to an unknown destination. This revelation has sparked widespread discussions about vulnerabilities in cryptocurrency security protocols and the evolving tactics of cybercriminals.
The Bybit hack is officially the largest crypto heist in HISTORY.
$1.46B+ stolen and still counting. That’s 16% of ALL previous crypto hacks COMBINED.
Here’s what happened, what we know, and why this could change everything 🧵👇 pic.twitter.com/Mi4o4VtqfH
— f(gautham)💤 (@gauthamzzz) February 21, 2025
The attack took place when Bybit’s Ethereum multi-signature (multisig) cold wallet executed a transfer to a warm wallet. Cold wallets are generally considered safer because they are not connected to the internet, making them less vulnerable to online attacks. However, in this case, the attackers managed to gain control over the wallet’s signing mechanism, effectively bypassing the platform’s security measures. Once the funds were transferred, they were sent to an unidentified address, and their whereabouts remain unknown.
Bybit’s CEO, Ben Zhou, took to social media to reassure users that all other cold wallets remain secure and that the company is working with authorities to investigate the breach. Zhou also stated that Bybit is financially stable and will fully reimburse all affected users. The exchange has already launched a refund program, ensuring that users will not suffer losses due to the attack. Despite the enormous financial impact of the heist, Bybit maintains that its operations will continue as usual.
Blockchain security firms Elliptic and Arkham Intelligence have attributed the attack to the infamous Lazarus Group, a North Korean-backed cybercriminal organization known for executing large-scale crypto thefts. If confirmed, this would mark yet another instance of North Korea’s involvement in cryptocurrency hacking, with stolen funds allegedly being used to finance the nation’s economic activities. In 2024 alone, Lazarus Group has been linked to 47 separate crypto hacks, amassing an estimated $1.34 billion in stolen digital assets.
Independent researcher ZachXBT has pointed out that on-chain data suggests a connection between the Bybit hack and a recent breach at Phemex, another crypto exchange that suffered a significant loss just weeks before this incident. This connection hints at a larger, coordinated attack strategy targeting major cryptocurrency platforms. While Phemex has not disclosed the exact amount lost, experts believe the two hacks share similarities in execution, raising alarms within the cybersecurity and crypto communities.
This heist has had an immediate impact on the cryptocurrency market. Ethereum, the second-largest digital currency by market capitalization, saw its price drop by nearly 4% following the attack. At the time of the breach, Ethereum was valued at $2,641.41 per token. Market analysts speculate that confidence in centralized exchanges could take a hit, as investors may begin to question the security of their assets on even the most well-established platforms.
Despite the financial setback, Bybit has assured investors that it remains solvent. According to Zhou, the exchange currently holds $20 billion in client assets and has over 60 million users worldwide. Even if the stolen funds are not recovered, Bybit claims it has enough reserves to cover the loss through its treasury or a bridge loan from strategic partners. While this statement provides some reassurance, the long-term implications for Bybit’s reputation and trust among users remain uncertain.
The crypto industry has long been plagued by security breaches, but this attack highlights the growing sophistication of cybercriminals. Unlike traditional financial institutions, cryptocurrency exchanges operate in a largely unregulated environment, making them attractive targets for hackers. The rise of blockchain forensics has made it easier to track stolen funds, but the anonymity of decentralized finance still poses challenges for law enforcement agencies trying to recover lost assets.
The Lazarus Group, which has been identified as the main suspect in this attack, is believed to be one of the most prolific hacking groups in the world. Operating out of North Korea, the group has been responsible for some of the largest financial cybercrimes in recent years. Google recently described North Korea as “arguably the world’s leading cybercriminal enterprise.”
Meet Park Jin Hyok, the best hacker in the world
Yesterday, he stole 400,000 ETH ($1.5B) from Bybit
I spent 20h exposing his scheme and was shocked
Here’s how he managed to do it and what’s next👇🧵 pic.twitter.com/dKCVfptCoZ
— Atlas (@crptAtlas) February 22, 2025
The Lazarus Group’s involvement in cryptocurrency thefts is well-documented. In 2022, the group was linked to the Ronin Network breach, in which $620 million worth of Ethereum and USD Coin were stolen. Similar attacks have targeted major platforms such as Poly Network ($611 million) and BNB Bridge ($586 million). The Bybit heist, however, now stands as the largest of them all.
This attack raises serious concerns about security in the crypto space. While cold wallets are generally considered the safest way to store digital assets, this breach proves that even offline storage solutions are not immune to attacks. The manipulation of the signing interface shows that hackers are adapting their techniques to exploit vulnerabilities that had previously been overlooked.
This is Park Jin
A key player in Lazarus Group, North Korea’s elite cybercrime unit.
They are behind
⟜ Sony Pictures hack (2014)
⟜ Bangladesh Central Bank heist ($81M stolen)
⟜ And now, a $1.4B heist on Bybit (2025)
Here’s how he pulled off one of the biggest crypto hacks… pic.twitter.com/jac7jPZAKE
— Sjuul | AltCryptoGems (@AltCryptoGems) February 22, 2025
Bybit has promised to enhance its security measures following this breach, but the incident underscores a broader issue within the industry. Cryptocurrency exchanges must continuously improve their security protocols to keep up with the evolving threat landscape. Multi-signature authentication, robust smart contract auditing, and enhanced user verification measures are some of the steps exchanges can take to mitigate risks.
Just In: WazirX had user funds on Bybit Exchange which they withdrew yesterday after the Bybit Hack.
Imagine if Bybit didn’t cover losses, what would have happened.
This is another reason – why we have been asking Nischal to publish Live POR but instead Nischal Blocked me and… pic.twitter.com/R1p5gWHUQM
— Aditya Singh (@CryptooAdy) February 23, 2025
Authorities worldwide have been tightening regulations on cryptocurrency platforms in an effort to combat money laundering and cybercrime. However, enforcement remains a challenge due to the decentralized nature of digital assets. Hackers often use sophisticated methods to launder stolen funds, making it difficult for authorities to track and recover the assets. In response to this attack, Bybit has already reported the case to law enforcement agencies, but it remains unclear whether the stolen funds will be recovered.