Friday, February 28, 2025

Bybit’s $1.5 Billion Hack: How a Cold Wallet Breach Shocked the Crypto World

Bybit, a major cryptocurrency exchange, lost approximately $1.5 billion in a security breach on February 21, 2025. The incident is widely regarded as the largest hack in cryptocurrency history. Here’s why it happened:

The loss stemmed from a sophisticated cyberattack targeting one of Bybit’s offline Ethereum (ETH) cold wallets, which are designed to securely store assets away from internet access. According to Bybit’s CEO, Ben Zhou, the attacker gained control of the wallet during a routine transfer to a "warm wallet" (used for active trading). The hackers exploited a vulnerability by manipulating the transaction process—specifically, they deceived the wallet signers through a masked user interface (UI). The UI appeared to show a legitimate transfer address, but the underlying smart contract logic was altered, allowing the attacker to redirect approximately 401,000 ETH, valued at around $1.5 billion, to an unidentified address.

Analysts and blockchain forensic experts, such as ZachXBT and Elliptic, have suggested that North Korean hackers, potentially the Lazarus Group, were behind the attack. This group is known for using advanced phishing techniques and social engineering to bypass security measures, targeting crypto platforms to fund state activities. The stolen funds were quickly moved across multiple wallets and started to be liquidated on decentralized exchanges, complicating recovery efforts.

Despite the massive loss, Bybit has stated it remains solvent, with client assets fully backed 1:1 and over $20 billion in assets under management. The exchange secured emergency loans and large deposits to replenish reserves and manage a surge in withdrawal requests, processing over 580,000 withdrawals shortly after the hack. While Bybit is working with authorities and offering a recovery bounty, the odds of retrieving the stolen funds remain slim due to the sophisticated laundering methods employed by the perpetrators.

In short, Bybit lost $1.5 billion because hackers exploited human error and technical vulnerabilities during a wallet transfer, underscoring ongoing security challenges in the crypto industry.