Dubai-based cryptocurrency exchange Bybit has found itself at the centre of an unprecedented cyberattack, with hackers stealing approximately $1.5 billion worth of Ethereum (ETH) from the platform’s cold wallet.
The breach, now considered the largest crypto theft in history, has sent shockwaves through the digital asset industry and raised significant concerns about security vulnerabilities in crypto exchanges.
Bybit immediately sought to reassure its customers, with CEO Ben Zhou stating, “Bybit is solvent even if this hack loss is not recovered, all of clients assets are 1 to 1 backed, we can cover the loss.”
The company holds around $20 billion in customer assets and has secured additional liquidity from partners to ensure that affected users will be compensated. However, the scale of the attack has raised questions about the security protocols used by even the largest crypto platforms.
How did the hack occur?
According to initial investigations, the attack exploited security vulnerabilities when Bybit was transferring Ethereum from an offline “cold” wallet to a “warm” wallet used for daily trading.
Cybercriminals managed to manipulate security controls and transfer assets to an unidentified wallet. Experts believe the attackers used an advanced exploit targeting multi-signature (multi-sig) cold storage solutions.
Bybit revealed that the attack occurred while performing a routine Ethereum transfer. An attacker was able to exploit a vulnerability in the security controls, rerouting the funds without triggering alarms.
Zhou confirmed that all other wallets remained unaffected. Binance co-founder Changpeng Zhao (CZ) and other crypto security experts have warned that breaches of this type demonstrate systemic security risks across multiple platforms. Other crypto exchanges, including WazirX and Phemex, have also suffered attacks on multi-sig security providers in the past.
Was North Korea involved?
Blockchain analysts have traced the stolen funds and suggested that the North Korean cybercriminal syndicate, Lazarus Group, may be responsible.
This group has previously been linked to major crypto heists, including the $615 million theft from the Ronin Network in 2022. Crypto intelligence firm Arkham and blockchain investigator ZachXBT identified transaction patterns that matched Lazarus Group’s previous exploits.
If the suspicions prove correct, North Korea may now be among the largest holders of Ethereum, potentially surpassing even Ethereum co-founder Vitalik Buterin. The stolen funds could be used to finance North Korea’s nuclear programme, as has been suggested in previous cases of Lazarus Group hacking activities.
How did the market react after the attack?
Following the attack, Bybit saw a massive surge in withdrawal requests from concerned users. More than 350,000 withdrawal requests flooded the platform, leading to temporary delays.
Over $4 billion in additional withdrawals were processed, bringing the total outflow to approximately $5.5 billion. Zhou admitted that the situation created operational challenges, but his team worked around the clock to facilitate withdrawals and mitigate further damage.
The news of the hack also had an immediate impact on the crypto market. The price of Ethereum dropped by nearly 4 per cent after the hack was revealed, although it has since rebounded close to pre-hack levels.
What does this mean for Ethereum?
As the magnitude of the hack became clear, some members of the crypto community floated the controversial idea of rolling back the Ethereum blockchain to reverse the stolen transactions.
BitMEX co-founder Arthur Hayes suggested that such an action should be considered. However, Zhou acknowledged that an Ethereum rollback was unlikely due to the decentralised nature of the blockchain. “It’s not a one-man decision. It should be up to the community,” he stated.
Many experts pointed out that reversing Ethereum’s state would result in a contentious hard fork, splitting the network and undermining trust in blockchain immutability.
Historically, such measures have been met with resistance, as seen in the aftermath of the 2016 DAO hack, which led to the creation of Ethereum Classic (ETC).
What lessons can the crypto industry learn from this?
The Bybit hack has highlighted the major security challenges in the cryptocurrency space. Experts argue that the industry must adopt more advanced security solutions, moving away from traditional multi-sig setups toward more robust architectures like multi-party computation (MPC).
Key takeaways from the Bybit hack:
Avoid blind signing: Users should verify every transaction before approving, particularly when dealing with smart contracts.
Improve custody solutions: Exchanges should diversify security measures, using a mix of cold storage, hardware wallets, and institutional-grade custody solutions.
Enhance governance frameworks: Stronger protocols are needed to prevent unauthorised transactions and fraudulent activities.
Increase transaction transparency: Exchanges must prioritise transparency to protect user funds and minimise risks associated with malicious transactions.
Bybit has since enlisted cybersecurity experts to track the stolen assets and is offering a bounty of up to 10 per cent of any recovered funds (potentially $140 million).
Zhou stated, “Bybit is determined to rise above the setback and fundamentally transform our security infrastructure, improve liquidity, and be a steadfast partner to our friends in the crypto community.”
What about Bybit’s security?
The Bybit breach is expected to attract heightened regulatory scrutiny. Governments and financial watchdogs are likely to push for stricter security compliance measures to prevent future incidents of this magnitude.
In India, Bybit was recently penalised and suspended by the Financial Intelligence Unit for non-compliance with anti-money laundering regulations, reported The Economic Times. Meanwhile, in France, it was only recently removed from the financial regulator’s blacklist after two years of regulatory engagement.
Given the increasing frequency and scale of crypto-related hacks, regulators may push for more comprehensive oversight, including mandatory security audits, stricter know-your-customer (KYC) policies, and increased transparency in fund management.
While the breach was catastrophic, Bybit’s response earned praise from some industry figures for its transparency and crisis management. Crypto commentator Casey Taylor noted, “Bybit just delivered a masterclass in crisis communications after experiencing the largest hack in crypto history.”
Bybit’s swift response, open communication, and ability to process withdrawals helped contain mass panic. The company secured a bridge loan to cover any losses and assured users that operations would continue as normal.
Unlike past exchange collapses, such as the infamous Mt. Gox hack in 2014, Bybit’s proactive measures demonstrated resilience in the face of adversity. Bybit has vowed to implement stronger security measures and explore alternative custody solutions.
With inputs from agencies

