Bybit, one of the world’s largest cryptocurrency exchanges, has confirmed a massive security breach, resulting in the theft of $1.5 billion in Ethereum (ETH). The hack, which occurred during a routine wallet transfer, is now being labeled as one of the biggest crypto heists in history.
Security analysts suggest the North Korean hacking group Lazarus may be behind the attack, given its past involvement in high-profile cryptocurrency thefts (Wired).
How the Hack Happened
Bybit revealed that the breach occurred during a cold-wallet-to-hot-wallet transfer, a process that is typically secure. However, hackers exploited a vulnerability in the transfer mechanism, potentially through an inside source or a supply chain attack.
Key Details of the Breach
- The attack was detected on February 21, 2025, during a scheduled wallet maintenance process.
- Over 350,000 unauthorized withdrawal requests flooded Bybit’s network in minutes, triggering security alarms.
- Hackers immediately laundered the funds through decentralized exchanges (DEXs) and crypto mixers like Tornado Cash, making them difficult to trace (Blockchain.com).
Who is Behind the Attack?
Cybersecurity experts believe Lazarus Group, a North Korean state-backed hacking unit, orchestrated the breach. The group has been linked to previous attacks, including:
- The $620 million Axie Infinity hack (2022) (BBC)
- The $100 million Harmony Bridge exploit (2023) (CoinDesk)
Bybit’s Response and Customer Impact
Bybit CEO Ben Zhou reassured users that:
- All affected customers will be reimbursed in full from Bybit’s emergency fund.
- The exchange is working with law enforcement agencies and blockchain analytics firms to trace the stolen assets.
- A $150 million bounty has been announced for information leading to the recovery of funds (Bybit Blog).
Lessons for the Crypto Industry
This attack exposes vulnerabilities in crypto exchange security. Experts recommend:
- Stronger multi-signature authentication for wallet transfers
- Routine penetration testing and real-time threat monitoring
- Encouraging self-custody—users should keep assets in personal cold wallets rather than centralized exchanges (Ledger).