While cryptocurrency exchanges have weathered their fair share of attacks, nothing compares to the absolute carnage that unfolded at Bybit on February 21, 2025. Hackers made off with a staggering $1.5 billion from a single Ethereum cold wallet, making it the largest crypto theft in history. Talk about a rough day at the office.
The sophisticated attackers, believed to be North Korea’s notorious Lazarus Group, managed to swipe over 401,000 ETH, along with various flavors of staked Ethereum tokens. They cleverly masked the signing interface and split their ill-gotten gains across 48 different wallets – because why make it easy for anyone to follow the money? The attack specifically targeted a transfer from a multisig cold wallet to a warm wallet. Specialized security token wallets could have provided additional protection through enhanced compliance checks and verification features.
Bybit’s CEO Ben Zhou didn’t waste time hiding under his desk. Within 30 minutes, he acknowledged the breach and jumped on a two-hour livestream to face the music. The exchange kept withdrawal services running, processing an impressive 350,000 withdrawal requests in just 10 hours. But that’s when things got really interesting. The company quickly assured investors they remained solvent with assets to cover all losses.
The hack triggered a massive $5.3 billion decline in Bybit’s assets. Beyond the $2.5 billion direct loss from the theft, panicked users yanked another $2.8 billion off the platform. Bitcoin holdings took a $1.6 billion hit, leaving the exchange with $5.7 billion in total reserves. Ouch.
Surprisingly, competitors rushed to help rather than dance on Bybit’s grave. Binance offered 50,000 ETH in emergency liquidity, while Bitget transferred 40,000 ETH and blacklisted the hacker’s wallets. Tether froze 181,000 USDT linked to the attack, and Crypto.com sent in their cybersecurity cavalry.
The incident exposed some serious holes in multisig wallet systems and raised eyebrows about Safe wallet provider security. It turns out the attackers had been busy, reusing wallet addresses from January’s Phemex exploit and racking up $1.34 billion in stolen crypto throughout 2024. Just another reminder that in crypto, you’re only as secure as your weakest link.
