The Largest Crypto Hack in History: Everything You Need to Know
In an unprecedented event, cryptocurrency exchange Bybit has fallen victim to a $1.4 billion hack, marking one of the largest digital heists in history. This article delves into the details of the breach, its implications for the crypto industry, and the measures being taken in response.
The Incident Unfolded
On Friday, 21st February 2025, Bybit, a prominent Dubai-based cryptocurrency exchange, announced a significant security breach resulting in the loss of approximately $1.4 billion worth of Ethereum. The attack occurred during a routine transfer from an offline ‘cold’ wallet to a ‘warm’ wallet used for daily trading activities. Hackers exploited this process, gaining control of the cold wallet and transferring 401,000 Ethereum to an unidentified address.
Bybit ETH multisig cold wallet just made a transfer to our warm wallet about 1 hr ago. It appears that this specific transaction was musked, all the signers saw the musked UI which showed the correct address and the URL was from @safe . However the signing message was to change…
In the wake of the breach, Bybit’sCo-Founder and CEO, Ben Zhou, took to social media to reassure customers. He emphasized that the company remains solvent, with all client assets backed 1:1, and that Bybit can cover the losses even if the stolen funds are not recovered. Ben stated, “Bybit is solvent even if this hack loss is not recovered; all clients’ assets are 1:1 backed; we can cover the loss.”
Bybit is Solvent even if this hack loss is not recovered, all of clients assets are 1 to 1 backed, we can cover the loss.
Despite these assurances, the incident prompted a surge in withdrawal requests, with over 350,000 customers seeking to retrieve their funds. Bybit acknowledged potential delays in processing these requests due to the high volume.
Investigative Efforts and Bounty Offer
Bybit has initiated a comprehensive investigation into the breach, collaborating with blockchain forensic experts to trace the stolen funds. The company has also launched a recovery bounty program, offering up to 10% of the recovered amount to ethical hackers and cybersecurity professionals who assist in retrieving the stolen cryptocurrency.
BREAKING: BYBIT $1 BILLION HACK BOUNTY SOLVED BY ZACHXBT
At 19:09 UTC today, @zachxbt submitted definitive proof that this attack on Bybit was performed by the LAZARUS GROUP.
This incident underscores the persistent security challenges within the cryptocurrency industry. In 2024 alone, over $2.2 billion was stolen from crypto platforms, highlighting the vulnerabilities that exchanges face.
A coordinated effort led to the freezing of $42.89M in just one day. Thanks to the following teams for their swift action: @Tether_to: Flagged address and froze 181K USDT @THORChain: Blocked the blacklist @ChangeNOW_io: Froze 34 ETH @FixedFloat: Froze 120K USDC + USDT…
The scale of the Bybit hack has raised concerns about the robustness of security measures employed by cryptocurrency exchanges. It serves as a stark reminder of the importance of stringent security protocols and the need for continuous assessment and enhancement of protective measures to safeguard digital assets.
ZachXBT Points to the Lazarus Group
While the attackers’ identity remains unconfirmed, some reports suggest the potential involvement of North Korean state-sponsored hacking groups, such as the Lazarus Group. These groups have been implicated in previous large-scale cryptocurrency thefts, including a $615 million theft from the Ronin Network in 2022.
I spent the entire day graphing out the laundering movements and flagged theft addresses.
I am making 920+ addresses connected to the Bybit hack publicly available here:https://t.co/rUojVzgMic
The $1.4 billion Bybit hack is a significant event in the cryptocurrency sector, highlighting both the lucrative targets that exchanges present to malicious actors and the critical need for robust security infrastructures. As Bybit works towards recovering the stolen assets and reinforcing its security measures, this incident serves as a pivotal lesson for the entire industry on the importance of vigilance, transparency, and continuous improvement in safeguarding digital assets.
