In what is now considered the largest digital heist ever, hackers have stolen approximately $1.5 billion from Bybit, the world’s second-largest cryptocurrency exchange. The attack, which targeted Ethereum wallets, has sparked an urgent global effort to track and recover the stolen funds.
How the Hack Happened
The breach occurred when Bybit was transferring Ethereum from an offline cold wallet to a warm wallet for daily trading. Hackers exploited a security vulnerability during this transition, gaining access to a significant portion of the exchange's funds. Reports indicate that the stolen assets were swiftly moved to an unknown wallet.

Bybit’s CEO, Ben Zhou, reassured users that customer assets are safe and fully backed. Despite the loss, the company remains solvent and has pledged to refund affected users, even if the stolen funds are not recovered. However, news of the attack triggered panic withdrawals, with over 350,000 requests flooding the platform.
Bybit Hot wallet, Warm wallet and all other cold wallets are fine. The only cold wallet that was hacked was the ETH cold wallet. ALL withdrawals are NORMAL.
— Ben Zhou (@benbybit) February 21, 2025
North Korea’s Lazarus Group Suspected
Blockchain forensics firm Elliptic has linked the hack to Lazarus Group, a North Korean state-sponsored cybercrime syndicate notorious for targeting cryptocurrency platforms. The group has stolen over $6 billion in crypto since 2017, allegedly funding North Korea’s nuclear and missile programs.
Elliptic analysts identified typical laundering techniques used by Lazarus, including:
- Exchanging stolen assets for Ethereum to prevent issuers from freezing funds.
- Layering transactions by transferring assets through multiple wallets to obfuscate the trail.
- Using decentralized exchanges (DEXs), cross-chain bridges, and crypto mixers like Tornado Cash to further anonymize transactions.
Within hours of the attack, $140 million worth of stolen assets had already been laundered through various services, including the controversial eXch exchange, which reportedly refused to block illicit transactions.
At this point it's really not about Bybit or any entity, it's about our general approach towards hackers as an industry, really hope that @eXch can reconsider and help us to block funds outflowing from them. We are also getting help from Interpol and international regulatory… https://t.co/wRzN925X9l
— Ben Zhou (@benbybit) February 23, 2025
Bybit’s Response: A $140M Reward for Help
Bybit is actively working with cybersecurity firms and blockchain analysts to trace the stolen funds. The exchange has also issued a public call to the “brightest minds” in cybersecurity, offering a 10% bounty ($140M) for any successful recovery of the assets.
On February 24, Bybit CEO Ben Zhou announced that the exchange has fully replenished the $1.4 billion worth of Ether lost in the hack. He also stated that a newly audited proof-of-reserve report will be released soon.
Latest Update: Bybit has already fully closed the ETH gap, new audited POR report will be published very soon to show that Bybit is again Back to 100% 1:1 on client assets through merkle tree, Stay tuned. https://t.co/QLa1vOujM6
— Ben Zhou (@benbybit) February 24, 2025
