
The 2025 Bybit Hack. What We Know


cybertrace

February 25, 2025 · 4 min read


Everything You Need to Know About the $1.5 Billion Crypto Hack

What Happened in the Bybit Hack?

On February 21, 2025, Dubai-based cryptocurrency exchange Bybit experienced a significant security breach in which hackers gained access to the smart contract for a routine transfer from a cold storage wallet to an internal hot wallet. The hack resulted in the theft of 401,000 Ether (ETH) tokens worth approximately $1.5 billion (USD), making it the largest hack to date from an exchange or a private reserve.


Previous Largest Crypto Hack

Prior to the Bybit hack, the largest cryptocurrency theft was from the Ronin Network, a blockchain platform linked to the popular online game Axie Infinity. This hack occurred in March 2022, when approximately $625 million (USD) worth of Ether (ETH) and USD Coin (USDC) was stolen. The U.S. Federal Bureau of Investigation (FBI) linked this hack to the North Korean state-sponsored hacking group known as the Lazarus Group.

Who Is Behind the 2025 Bybit Cyberattack?

Crypto analytics firms Chainalysis, Elliptic and Arkham Intelligence followed the trail left by the hackers as they transferred and attempted to launder the stolen ETH. A significant overlap was subsequently identified with known wallet addresses previously used by the Lazarus Group. This intelligence was later confirmed by Cybertrace’s expert tracers. The laundering methods were consistent with the Lazarus Group’s previous methodology, which further supported the conclusion that the Lazarus Group was behind the Bybit hack.

How Were the Stolen Funds Hacked?

The funds were stolen by the hackers through a manipulation of the smart contract logic of Bybit’s ETH multi-signature cold wallet. The hackers masked their malicious transaction within a legitimate one, which ultimately tricked the Bybit wallet signers into approving the transfers. This was a sophisticated attack that altered the signing interface so that it displayed the correct addresses while executing unauthorised transfers.

Will Users Be Compensated?

Based on information released by Bybit, they have already replenished their operating funds with their reserve funds of $20 billion, meaning their exchange remains solvent. Despite the size of the hack, the broader cryptocurrency market has remained stable, with major cryptocurrencies such as Bitcoin and Ethereum showing minimal impact. However, at the time of writing, some delayed signs of a decline in value are being realised.

Chainalysis graph showing the Bybit hack money laundering complexity.


Given Bybit’s substantial reserve and the statements released by the firm, it is likely that investors will be compensated. However, this has not been confirmed by Cybertrace at this time.

Will This Change Crypto Security Measures?

Although most exchanges operate with substantial security measures, most will no doubt step up their security and will be forced to spend significant funds on these developments. In turn, the cost of increasing security will no doubt be paid for by investors by way of increased transfer and withdrawal fees.

Being hacked is the biggest concern of exchanges, as a hack will not only see them lose their clients’ funds but will also significantly affect their reputation. Cautious investors will think twice about investing with a previously hacked exchange. No doubt this is fresh in the minds of the Bybit executive. Will Bybit recover from this hack? At this stage, it appears that Bybit has sufficient cash reserves to recover; however, time will tell if investors return. Investor caution in the immediate future is understandable. It also depends on the level of success that law enforcement has with recovering any of the stolen funds, and on future regulatory oversight that may come as a direct result.


Lessons From the Bybit Hack: How to Protect Your Crypto

Should You Use Exchange Wallets?

The method of storage is a common consideration for small and large investors alike, with both cold and hot wallets having pros and cons. With advancements in blockchain knowledge and hacking methods over time, cold storage is not always the best method of storage.

For example, although cold storage reduces the chance of a direct hack, Cybertrace is aware of recent hacking events where malware has been installed by hackers on a PC hosting cold storage software. When the cold storage device is connected to the PC, the malware automatically transfers the funds to the hackers’ wallets.

The level of security at major exchanges is much higher than the average investor’s PC security. This in turn increases the level of security for hot wallets hosted with major exchanges. However, this doesn’t completely remove the risk of hackers making off with investors’ funds, as we can see with the Bybit hack.

Each investor must consider their options based on current security intelligence and their own infrastructure, if any, and decide the most appropriate option for their situation.

Where to From Here?

Cybertrace is monitoring intelligence networks and subsequent updates. We will post updates here as they hit our desks.
