Bybit Hack Closed – We Finally Know Who Did It

We know the vulnerabilities and risks associated with crypto transfers and decentralised systems. However, after several rounds of security hardening and technical improvements, the DeFi space has not had a major cyber attack for a couple of years.
According to Chainalysis reports, the number of hacks and the amount of stolen funds in 2023 and 2024 are almost half of those in 2021 and 2022, dropping almost 51% in 2023 compared to the previous year.
Recently, however, we witnessed the largest crypto heist in history, as news of the Bybit hack circulated, draining almost $1.5 billion from the exchange.

Bybit Hack: What Happened?
On 21 February 2025, Dubai-based cryptocurrency exchange Bybit was hacked, resulting in the theft of approximately $1.5 billion worth of Ethereum.
According to the CEO’s X post, the attack happened during a routine fund movement from a cold to a warm wallet to support daily operations.
* Cold storage is a dormant space where crypto assets are securely stored. Hot wallets are active wallets used for platform operations.
The hackers used a sophisticated technique: they created a counterfeit interface that mimicked Bybit’s wallet UI for transferring funds. When admins signed the transaction, they unintentionally approved the transfer of 401,000 Ethereum to an unknown address.
The stolen digital assets equal approximately $1.5 billion, marking the largest-ever crypto hack and surpassing the likes of the Poly Network hack in 2021 and Binance’s BNB heist in 2022.
The company quickly communicated the incident, assuring users that the platform remained liquid, user funds were safe, and withdrawals remained active.
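As an added illustration (not Bybit's code or tooling, and not from the original article), the example below shows an independent check a signer could run before approving a transfer like the one described above: it decodes the raw payload presented for signing and compares the recipient and amount with what the interface displayed. It assumes a plain Ether transfer encoded as an unsigned EIP-155 legacy transaction; the addresses, amounts and transaction bytes are constructed.

```python
# Added example: addresses, amounts and transaction bytes are constructed.
WARM = "0x" + "11" * 20        # hypothetical allowlisted warm wallet
UNKNOWN = "0x" + "22" * 20     # hypothetical address the signer never saw
ONE_ETH = 10**18               # amount in wei

def unsigned_tx_hex(to):
    """Constructed signing payload: nonce 7, 20 gwei, gas 21000, 1 ETH, chain id 1."""
    return ("ec07" "8504a817c800" "825208" "94" + to[2:]
            + "880de0b6b3a7640000" "80" "01" "80" "80")

def rlp_item(buf, pos=0):
    """Decode one RLP item starting at buf[pos]; return (item, next_pos)."""
    if pos >= len(buf):
        raise ValueError("empty or truncated RLP")
    b = buf[pos]
    if b < 0x80:                          # a single byte encodes itself
        return buf[pos:pos + 1], pos + 1
    is_list = b >= 0xC0
    n = b - (0xC0 if is_list else 0x80)
    start = pos + 1
    if n > 55:                            # long form: next n-55 bytes hold the length
        width = n - 55
        n = int.from_bytes(buf[start:start + width], "big")
        start += width
    end = start + n
    if end > len(buf):
        raise ValueError("truncated RLP")
    if not is_list:
        return buf[start:end], end
    items, p = [], start
    while p < end:
        item, p = rlp_item(buf, p)
        items.append(item)
    return items, end

def refuse_reasons(raw_hex, shown_to, shown_wei, allowlist):
    """Compare the payload to be signed with what the UI showed; [] means it matches."""
    raw = bytes.fromhex(raw_hex)
    fields, end = rlp_item(raw)
    if (end != len(raw) or not isinstance(fields, list) or len(fields) != 9
            or not all(isinstance(f, bytes) for f in fields)):
        return ["payload is not a 9-field unsigned legacy transaction"]
    to = "0x" + fields[3].hex()
    reasons = []
    if to != shown_to.lower():
        reasons.append(f"recipient {to} differs from displayed {shown_to}")
    if to not in allowlist:
        reasons.append(f"recipient {to} is not on the allowlist")
    if int.from_bytes(fields[4], "big") != shown_wei:
        reasons.append("amount differs from displayed amount")
    if fields[5]:
        reasons.append("unexpected calldata in a plain transfer")
    return reasons
```

The check is only useful when it runs on a device and code path separate from the interface that displayed the transfer, so that a tampered UI cannot also tamper with the comparison.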

Lazarus Group: The Perpetrators
Elliptic, a UK-based blockchain analytics firm, traced the attack and pointed it towards the Lazarus Group, notorious North Korean hackers.
The hacking collective is reportedly close to the North Korean government, excelling at cyber espionage and laundering stolen funds to finance state activities.
The Lazarus Group has been linked to several financial theft operations, including the 2016 Bangladesh Bank cyber heist, a series of ransomware attacks in 2017, and numerous breaches in the crypto space.
In the Bybit hack, the hackers spread the stolen Ether tokens across 50 crypto wallets to avoid being traced and to cash out on multiple other exchanges.

How Did Bybit Recover?
Bybit took immediate action to reassure its users, maintain operations, and pull emergency funds from liquidity reserves. The company announced that all client funds were 1:1 backed and that the platform was solvent enough to cover the stolen assets.
Bybit secured around 447,000 Ethers in loans and deposits from major investors and liquidity partners, such as Wintermute, Galaxy Digital, and FalconX.
These measures enabled the platform to maintain normal withdrawal and trading activities, demonstrating resilience and a commitment to user trust despite the significant financial setback.

Superior Management and Communication
Bybit prioritised transparent communication directly from the CEO, Ben Zhou, who, shortly after the breach, addressed user concerns, provided details, and described the response plan.
This proactive approach, including regular social media updates and official announcements, protected the company from significant panic withdrawals and exits, which could have overwhelmed the platform.
Bybit also collaborated with other cryptocurrency platforms and cybersecurity experts to track the stolen funds and prevent them from being laundered on other exchanges.

The Aftermath
Bybit recovered around $43 million from the stolen funds, with ongoing efforts to locate and return the remaining amount. The company also launched a bounty of up to 10% of recovered funds for anyone who can assist in retrieving the Ether tokens.

The already-fluctuating coin, Ethereum, lost around 6.7% of its market price on the day of the heist, dropping from $2,840 to $2,640. Despite a correction in the following two days, taking the coin up to $2,850 again, the coin plummeted significantly on 25 February to $2,400.

Final Takeaways
The unprecedented Bybit hack is a stark reminder of the critical importance of cybersecurity in the rapidly evolving cryptocurrency sector.
It highlights the necessity for exchanges to implement advanced security measures, conduct regular system audits, and foster a culture of vigilance against sophisticated cyber threats.
For brokers, it signifies the role of direct, transparent communication to preserve brand reputation and trust. For traders, it underlines the role of security practices, such as using hardware wallets and enabling two-factor authentication.