A historic billion-dollar crypto heist has rocked the industry—potentially the biggest hack ever! Bybit, a leading crypto trading platform, has confirmed a massive security breach, with over 401,000 ETH—worth approximately $1.1 billion—being drained from a cold wallet. The attack, which some speculate may be the work of North Korea’s infamous Lazarus Group, has left the industry questioning the security of even the most robust exchanges.
How the Hack Unfolded
The incident came to light when Whale Alert, a blockchain monitoring service, flagged a suspicious transaction involving 401,000 ETH. The funds were initially transferred to a fresh wallet before being quickly dispersed across more than 40 other wallets. Despite the swift movement of assets, blockchain explorers like Etherscan have marked these wallets as belonging to the ‘Bybit exploiter.’
Bybit CEO Ben Zhou confirmed the breach on X, stating that only one ETH cold wallet was compromised and that the exchange remains solvent despite the massive loss. Zhou reassured users that all client assets are backed 1:1 and that withdrawals remain unaffected. He further emphasised that Bybit’s treasury is capable of absorbing the loss without impacting operations.
The Attack Method and Possible Causes
Zhou elaborated on the circumstances surrounding the hack during a livestream. He explained that Bybit was performing a routine transfer from its Ethereum cold wallet to a hot wallet, a process triggered when the hot wallet reaches a specific threshold. Bybit employs Safe.global multi-signature wallets for cold storage, and Zhou himself was the last signer on the transaction.
Despite following security protocols—such as verifying the wallet address and checking that the transaction was initiated on the main Safe website—the funds were still drained. The CEO speculated on two possible causes: either all signers’ devices were compromised, leading them to interact with a fake Safe website, or Safe itself was somehow breached. Investigations are ongoing, and all Safe transactions have been paused as a precaution.
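One mitigation for the scenario Zhou describes, where the signing interface itself may not be trustworthy, is for each signer to check the raw transaction fields against a fixed transfer policy on a separate device before approving. The sketch below is an added example, not Bybit's or Safe's code: the policy, addresses and limit are constructed, and the field names follow the Safe transaction format (to, value, data, operation).

```python
from dataclasses import dataclass

CALL, DELEGATECALL = 0, 1  # values of the Safe transaction `operation` field

@dataclass(frozen=True)
class SafeTx:
    to: str          # destination address
    value_wei: int   # ETH amount in wei
    data: str        # hex calldata, "0x" when empty
    operation: int   # CALL or DELEGATECALL

@dataclass(frozen=True)
class TransferPolicy:      # hypothetical policy for a routine cold-to-hot top-up
    hot_wallet: str
    max_value_wei: int

def review(tx: SafeTx, policy: TransferPolicy) -> list[str]:
    """Return the reasons to refuse signing; an empty list means the
    payload matches what a routine top-up should look like."""
    findings = []
    if tx.to.lower() != policy.hot_wallet.lower():
        findings.append("destination is not the approved hot wallet")
    if tx.operation != CALL:
        findings.append("operation is not a plain call")
    if tx.data not in ("", "0x"):
        findings.append("calldata present on a plain ETH transfer")
    if not 0 < tx.value_wei <= policy.max_value_wei:
        findings.append("value outside the approved top-up range")
    return findings

# Constructed sample data (not real addresses or amounts).
HOT = "0x" + "aa" * 20
OTHER = "0x" + "bb" * 20
SAMPLE_POLICY = TransferPolicy(hot_wallet=HOT, max_value_wei=5_000 * 10**18)
ROUTINE_TX = SafeTx(to=HOT, value_wei=1_000 * 10**18, data="0x", operation=CALL)
TAMPERED_TX = SafeTx(to=OTHER, value_wei=0, data="0xdeadbeef",
                     operation=DELEGATECALL)

if __name__ == "__main__":
    for name, tx in (("routine", ROUTINE_TX), ("tampered", TAMPERED_TX)):
        problems = review(tx, SAMPLE_POLICY)
        print(name, "OK to sign" if not problems else problems)
```

The check only helps if the fields are read from the payload the signing device will actually sign, not from the web page that proposed it.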
Was Lazarus Group Behind the Attack?
While no definitive culprit has been named, some cybersecurity experts suspect the Lazarus Group, a notorious hacking collective linked to North Korea. The group has been implicated in multiple high-profile crypto heists, including the $620 million Axie Infinity hack in 2022. Given their track record of sophisticated cyberattacks targeting exchanges and DeFi protocols, their involvement in the Bybit breach remains a strong possibility.
Bybit’s Response and Recovery Efforts
Despite the magnitude of the hack, Bybit has demonstrated resilience. The exchange has processed an unprecedented number of withdrawals—over 350,000 requests—with only 2,100 left pending. Zhou assured users that Bybit’s systems remain fully operational and that the team is working around the clock to maintain transparency and security.
He also confirmed that a full incident report and additional security measures would be released in the coming days. Bybit is now focused on tightening its security infrastructure and collaborating with blockchain investigators to track the stolen funds.
The Largest Hack in Financial History?
Zhou has described the Bybit hack as the worst in the history of any financial medium, including traditional banks. While estimates of the total loss vary—ranging from $1.1 billion to as high as $1.4 billion—the incident has sent shockwaves through the crypto community. The sheer scale of the attack underscores the need for continuous improvements in exchange security and multi-signature wallet protection.
Crypto Security in Crisis
As the crypto industry processes the aftermath of this historic hack, all eyes are on Bybit’s next moves. Will they recover the stolen funds? Can they reinforce their security measures to prevent future breaches? And most importantly, was the Lazarus Group truly behind this audacious attack? While the answers remain uncertain, one thing is clear—crypto security must evolve rapidly to keep up with increasingly sophisticated cyber threats.