On February 21, 2025, Bybit, one of the world’s largest cryptocurrency exchanges, suffered a massive cyberattack, with North Korean hackers stealing $1.4 billion worth of crypto, making it the largest exchange hack in history.
Let’s break down what happened, who was behind it, are Bybit users’ assets safe, what it means for the crypto market, and most importantly—what can we learn from it.
Hackers Stole $1.46 Billion, Making It the Largest Hack in Crypto History
Bybit, one of the world’s largest cryptocurrency exchanges, confirmed that hackers stole approximately $1.46 billion worth of cryptocurrency Ethereum (ETH) in a sophisticated cyberattack. The breach was detected on February 21.
The attackers compromised Bybit’s multi-signature cold wallet—a highly secure type of cryptocurrency storage not connected to the internet and requiring multiple approvals for transactions. By manipulating a routine transfer between Bybit wallets, the hackers redirected funds to an unknown address instead of Bybit’s designated hot wallet.
The transaction appeared legitimate, displaying the correct wallet address. However, it had been altered, secretly redirecting the funds to the attacker’s address. As a result, the hackers successfully stole $1.46 billion worth of Ethereum (ETH) from Bybit’s reserves.
What Are Cold Wallets, Hot Wallets, and Multi-Signature Wallets?
The past week started on a negative note for Bitcoin, driven by a U.S. inflation report. The released Consumer Price Index (CPI), a key measure of inflation (indicating whether the cost of living is rising), came in higher than expected and was the highest since June 2024. Fears of rising inflation led the U.S. Federal Reserve (FED) to maintain interest rates without cuts (learn more here). As a result, on February 12, Bitcoin dropped from €94,400 to €91,200.
Bitcoin then bounced back and did not fall below a key support level that could have triggered large-scale liquidations. Over the weekend, the market remained calm, signaling that both bulls (those betting on a rise) and bears (those betting on a fall) were waiting for the next significant price move.
What Contributed to Bitcoin’s Resilience?
- Cold Wallet: A cryptocurrency wallet stored offline, not connected to the internet. It provides high security against unauthorized access and hacking attempts, making it one of the safest ways to store crypto.
- Hot Wallet: An online cryptocurrency wallet connected to the internet. It allows for quick access to funds but is more vulnerable to cyberattacks due to its constant internet connection.
- Multi-Signature Wallet: A type of wallet that requires multiple approvals (signatures) for transactions, unlike standard wallets that need only one. It is used as an additional security measure for storing large amounts of cryptocurrency.
Lazarus Group of North Korean Hackers Was Behind It
The world’s most recognized blockchain investigator, ZachXBT, has identified Lazarus Group, a North Korean hacking organization, as the culprits behind the Bybit hack. On-chain tracking was used to trace the stolen funds, confirming Lazarus as the perpetrators when analysts followed the transactions to wallets linked to this group.
Who is Lazarus Group? Lazarus Group is a North Korean hacking organization known for targeting cryptocurrency exchanges and other crypto-related projects. The group has been responsible for some of the largest cyberattacks in the history of crypto, including the Ronin Bridge hack in 2022, where $625 million was stolen—the largest crypto hack in history until now.
Lazarus Group frequently launders stolen funds through decentralized exchanges and mixing services, making it difficult to trace and recover the assets. Their attacks are believed to be primarily aimed at funding North Korea’s military and nuclear programs.
Bybit Users’ Assets Are Safe
The breach was detected on February 21, prompting Bybit to temporarily halt withdrawals for investigation. After a few hours, the exchange processed all pending withdrawals, and operations returned to normal. A full incident report and security assessment will be released soon.
Despite the breach, Bybit’s CEO, Ben Zhou, assured users that their assets remain secure. He confirmed that Bybit’s other cold wallets remain safe and that all client assets are 1-to-1 backed, so users don’t need to worry. Zhou emphasized that Bybit is financially stable and capable of covering the losses from reserves without affecting user funds.
How the Bybit Hack Affected the Crypto Market?
The Bybit hack, one of the largest breaches in crypto history, sent shockwaves through the market, particularly impacting Ethereum (ETH). Following the confirmation of the attack, ETH’s price dropped by over 3% as panic spread among traders and investors.However, despite the initial drop, the overall crypto market showed resilience. Many analysts attributed the price dip to short-term panic selling. After Bybit reassured users that all funds were secure and withdrawals had resumed, market sentiment stabilized, preventing a more significant downturn.
Industry Leaders Applaud Bybit’s Response to the Hack
Following the Bybit hack, the crypto community quickly rallied in support of the exchange. Industry leaders and major exchanges stepped in to assist, demonstrating a strong sense of collaboration in times of crisis.
Tron founder Justin Sun confirmed that his network was helping track the stolen funds, while OKX deployed its security team to aid Bybit’s investigation. KuCoin also voiced its full support, emphasizing that security is a shared responsibility and that cooperation across exchanges is crucial in fighting cybercrime.
Several crypto industry figures have commended Bybit and CEO Ben Zhou for their swift and transparent response to the hack, with comments like “Big respect for how this was handled” and descriptions of it as a “masterclass in crisis management and communication.”
What Can We Learn From This?
The Bybit hack is very different from the FTX collapse in 2022 when FTX, the second-largest crypto exchange at the time, went bankrupt because it didn’t have enough funds to cover user assets. This caused a 14-16% drop in major cryptocurrencies, and users couldn’t withdraw their funds.
Bybit, on the other hand, covered the loss without affecting users, showing the importance of proper asset management—something FTX failed to do.
Today, stronger regulations require exchanges to fully back user funds, keep them separate from company reserves, and improve security. This helps prevent collapses like FTX and ensures that hacks, like the one on Bybit, don’t harm users.
The fact that Bybit guaranteed user safety within hours is proof that the crypto industry has matured. While hacks still happen, regulation is ensuring that exchanges are more secure, transparent, and responsible—making the crypto space safer for everyone.
How We at CryptoUnity Keep Users’ Assets Safe
At CryptoUnity, security is our top priority. We follow the highest regulatory standards, keeping user funds fully backed and stored in secure cold wallets—away from online threats and separate from company reserves and assets. Our platform follows strict security protocols, including multi-layer encryption, regular audits, and advanced fraud detection, to protect your assets.
What Can You Do to Keep Your Crypto Safe on CryptoUnity?
Security is a shared responsibility! While we take strong measures to protect your assets, breaches can also happen on your side. As a user, you play a crucial role in keeping your funds secure. Enhance your protection by enabling biometric authentication, using strong, unique passwords (don’t use the same one for everything), and never sharing your login details.
Stay vigilant, and together, we make CryptoUnity a safe space for everyone.
