Bybit, the Dubai-based exchange, has been hit with the biggest theft of crypto funds in history. What does this mean for Bybit and its community of over 60 million users?

Bybit $1.5 Billion ETH Hack


On Friday 21st February 2025, leading cryptocurrency exchange Bybit revealed that it had fallen victim to one of the biggest crypto hacks in history. Around $1.5 billion worth of digital funds was stolen from the company’s Ethereum (ETH) cold wallet, with cybersecurity experts identifying North Korea’s Lazarus Group as the culprit.

In a series of events which rocked the crypto world, the Dubai-based crypto platform confirmed that the hackers gained control of ETH funds by exploiting security protocols, before transferring the assets to a so-far unidentified address.

On his X account, in a post which has since been seen over six million times, Bybit co-founder and CEO Ben Zhou addressed the situation directly, stating: “Bybit is Solvent even if this hack loss is not recovered, all of clients assets are 1 to 1 backed, we can cover the loss.”

Despite Zhou’s attempts to reassure users, questions still remain over how such a large crypto exchange can be breached in such a catastrophic way. With several days now passed since the historic heist, let’s take a look at exactly how we got here and try to figure out what happens next.

How did Bybit get hacked?

The sophisticated attack took place during a scheduled “routine” transfer of digital assets between one of Bybit’s multi-signature cold wallets and a warm wallet. Hackers successfully managed to trick the company’s ETH cold wallet signers (which included Zhou) into approving a fraudulent transaction by exploiting a disguised UI that mimicked a legitimate Safe Wallet URL.
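A signer-side check for the situation described above, where the interface cannot be trusted to show what is being signed: the typed-data payload presented to the signing device is compared field by field with the transfer the signer intended. This is an added example, not Bybit's or Safe's code; it assumes the payload follows Safe's EIP-712 `SafeTx` layout, and the addresses, nonce and `INTENT` record are constructed for illustration.

```python
import json

ZERO = "0x" + "00" * 20
# Constructed placeholder addresses (not real wallets).
SAFE, WARM, OTHER = ("0x" + b * 20 for b in ("11", "22", "33"))

def num(x):
    """Accept 1, "1" or "0x1" as the same integer."""
    return int(str(x), 0)

def check_safe_payload(typed_data_json, intent):
    """Return the names of payload fields that do not match the intended plain ETH transfer."""
    td = json.loads(typed_data_json)
    dom, msg = td["domain"], td["message"]
    same = lambda a, b: str(a).lower() == str(b).lower()  # ignore checksum casing
    checks = [
        ("primaryType", td.get("primaryType") == "SafeTx"),
        ("chainId", num(dom["chainId"]) == intent["chain_id"]),
        ("verifyingContract", same(dom["verifyingContract"], intent["safe"])),
        ("to", same(msg["to"], intent["to"])),
        ("value", num(msg["value"]) == intent["value_wei"]),
        ("operation", num(msg["operation"]) == 0),  # 0 = CALL; a plain transfer is never anything else
        ("data", msg["data"] in ("0x", "")),        # a plain transfer carries no calldata
        ("gasToken", same(msg["gasToken"], ZERO)),
        ("refundReceiver", same(msg["refundReceiver"], ZERO)),
        ("nonce", num(msg["nonce"]) == intent["nonce"]),
    ]
    return [name for name, ok in checks if not ok]

def sample_payload(**overrides):
    """Constructed SafeTx typed data; overrides simulate a payload that differs from the intent."""
    msg = {"to": WARM, "value": "1000000000000000000", "data": "0x", "operation": 0,
           "safeTxGas": "0", "baseGas": "0", "gasPrice": "0",
           "gasToken": ZERO, "refundReceiver": ZERO, "nonce": 7}
    msg.update(overrides)
    return json.dumps({"primaryType": "SafeTx",
                       "domain": {"chainId": 1, "verifyingContract": SAFE},
                       "message": msg})

# What the signers agreed to out of band: 1 ETH from the cold Safe to the warm wallet.
INTENT = {"chain_id": 1, "safe": SAFE, "to": WARM, "value_wei": 10**18, "nonce": 7}

if __name__ == "__main__":
    print("expected payload:", check_safe_payload(sample_payload(), INTENT))
    altered = sample_payload(to=OTHER, value="0", operation=1, data="0xdeadbeef")
    print("altered payload: ", check_safe_payload(altered, INTENT))
```

The check is only useful when it runs on a machine and code path separate from the web interface that prepared the transaction, and when any non-empty result blocks the signature.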

After gaining control of the cold wallet, the perpetrators siphoned away more than 400,000 ETH into an unknown address. From there, the hackers divided the stolen funds into three separate distribution wallets before splitting them into dozens of additional addresses.

Overall, Bybit’s cold wallet was drained of 401,347 ETH worth $1.12 billion, 90,376 stETH ($253.16 million), 15,000 cmETH ($44.13 million), and 8,000 mETH ($23 million), with the tokens consolidated into ETH using a range of decentralized exchanges.

Who was behind the hack?

The North Korean state-sponsored Lazarus Group is believed to be behind the Bybit hack, according to blockchain security experts. Crypto investigator ZachXBT led the exposé, tracing available on-chain data to reveal evidence of test transactions and connected wallets used ahead of the exploit.

An infamous hacker group understood to have the support and backing of the government of North Korea, Lazarus has been linked to multiple high-profile cyberattacks over the last decade. These include the malware attack on Sony Pictures in 2014 and the spread of the WannaCry ransomware three years later.

The group was also responsible for the audacious theft of $81 million from the central bank of Bangladesh in 2016. In what appeared to be a well-planned, large-scale attack, the hackers used the SWIFT payment network to launder funds through casinos based in the Philippines.

How does it compare to previous hacks?

Bybit has now become the victim of the largest crypto heist ever recorded, overtaking the infamous Ronin Network breach, which involved the theft of an estimated $620 million worth of ETH and USD Coin (USDC) back in 2022.

Another significant crypto breach was the 2021 attack on the token-swapping platform Poly Network, where hackers stole approximately $600 million in digital assets. In an unusual turn of events, the perpetrators returned most of the embezzled funds in less than 48 hours.

Other notable crypto-related hacks involve two Japanese companies. Tokyo-based digital currency exchange Coincheck suffered a $534 million attack in 2021, while Mt. Gox lost Bitcoin (BTC) worth close to $500 million over the course of several years between 2011 and 2014.

What happens next?

Put simply, retrieving the stolen assets will be a hugely challenging task for Bybit, and the odds of success at this stage look incredibly slim. With the Lazarus Group now believed to be behind the attack, it remains extremely unlikely that the missing funds will ever be fully recovered.

Despite this, it must be noted that Bybit worked quickly to secure its platform in the immediate aftermath of the hack, while engaging blockchain forensic experts to track the stolen funds. Later on, the exchange also introduced a bounty program, offering ethical hackers up to 10% of the recovered amount for their assistance in retrieving the funds.

In less than 72 hours since the incident, the company has managed to successfully replenish its reserves through a combination of emergency loans and substantial deposits, securing nearly 447,000 ETH tokens through funds acquired from Galaxy Digital, FalconX, and Wintermute. While the swift response helped restore the exchange’s balance and ensured withdrawals continued, it did not make up for the lost funds.
