
Bybit got hacked!

Bybit has been hacked, with a loss of around $1.4 to $1.5 billion in Ethereum, confirmed by the CEO on February 21, 2025. Surprisingly, the exchange claims to remain solvent and assures customer assets are safe.

Overview

Bybit, a major cryptocurrency exchange, suffered a significant security breach on February 21, 2025, resulting in the theft of approximately $1.4 to $1.5 billion worth of Ethereum and related tokens. This incident, confirmed by CEO Ben Zhou, is noted as one of the largest crypto hacks in history.

Details of the Hack

The hack involved a sophisticated attack on Bybit’s Ethereum cold wallet, with funds being drained through a deceptive transaction that altered smart contract logic. Despite the massive loss, Bybit stated that only one cold wallet was compromised, and other wallets remain secure, with withdrawals continuing normally.

Impact and Response

Bybit has assured users that it remains solvent and can cover the loss, with customer assets backed 1:1. The exchange is working with authorities and on-chain analytics providers to track the stolen funds, and there’s speculation of North Korean hackers, possibly the Lazarus Group, being involved.

Comprehensive Analysis of the Bybit Hack Incident

This report provides a detailed examination of the recent security breach at Bybit, a prominent cryptocurrency exchange, which occurred on February 21, 2025, and was confirmed the following day. The incident, involving a loss of approximately $1.4 to $1.5 billion in Ethereum and related tokens, marks one of the largest hacks in the cryptocurrency industry’s history. Below, we explore the timeline, technical details, impact, and ongoing responses, supported by multiple sources and analyses.

Incident Timeline and Confirmation

The hack was first flagged by on-chain analyst ZachXBT on February 21, 2025, who reported suspicious outflows totaling around $1.46 billion from Bybit’s wallets. Within 30 minutes, Bybit’s CEO, Ben Zhou, confirmed the breach via an X post, detailing that a hacker had compromised one of the exchange’s Ethereum cold wallets through a “masked” transaction technique. This involved altering the smart contract logic, deceiving signers into approving malicious transfers. By February 22, 2025, at 1:59 AM PST, multiple news outlets, including Bloomberg, Cointelegraph, and TechCrunch, had reported the incident, corroborating the scale and nature of the attack.

Technical Details of the Breach

The attack targeted Bybit’s Ethereum multisignature cold wallet, a secure, offline storage intended to protect large amounts of cryptocurrency. According to reports, the hacker exploited a vulnerability during a routine transfer to a warm wallet, using a deceptive UI to mask the transaction’s true intent. Meir Dolev, co-founder and CTO of CyVers, explained in an X post that the breach involved a malicious smart contract logic change, tricking signers into approving the transfer (DL News). The stolen assets, primarily Ethereum (ETH), liquid-staked Ether (stETH), and Mantle Staked ETH (mETH), were moved to multiple new addresses, with some funds already being sold on decentralized exchanges, as confirmed by Arkham Intelligence (Bloomberg).
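
As an added illustration (not code from Bybit or from any source cited here), the sketch below shows an independent pre-signing check aimed at a display that masks a transaction's true intent: it decodes the raw payload and compares it with what the signer was shown. The Payload and Intent structures, the operation flag, the allowlist and all addresses are assumptions constructed for the example; the selector is the standard ERC-20 transfer(address,uint256) selector.

```python
from dataclasses import dataclass

TRANSFER_SELECTOR = bytes.fromhex("a9059cbb")  # standard ERC-20 transfer(address,uint256)
CALL, DELEGATECALL = 0, 1  # assumed operation flag carried in the multisig payload

@dataclass
class Payload:  # what will actually be signed (hypothetical structure)
    to: str
    value: int
    data: bytes
    operation: int

@dataclass
class Intent:  # what the signing UI told the signer (hypothetical structure)
    token: str
    recipient: str
    amount: int

def decode_erc20_transfer(data: bytes):
    """Return (recipient, amount), or None if data is not a well-formed transfer()."""
    if len(data) != 68 or data[:4] != TRANSFER_SELECTOR or any(data[4:16]):
        return None  # wrong length, wrong selector, or dirty address padding
    return "0x" + data[16:36].hex(), int.from_bytes(data[36:68], "big")

def check(payload: Payload, intent: Intent, allowlist: set) -> list:
    """Compare the raw payload with the displayed intent; return a list of findings."""
    findings = []
    if payload.operation != CALL:
        findings.append("delegatecall: target code would run against the wallet's own storage")
    if intent.recipient.lower() not in allowlist:
        findings.append("recipient is not an allowlisted wallet")
    if payload.to.lower() != intent.token.lower() or payload.value != 0:
        findings.append("call target or value differs from the token transfer shown")
    decoded = decode_erc20_transfer(payload.data)
    if decoded is None:
        findings.append("calldata is not transfer(address,uint256)")
    elif decoded != (intent.recipient.lower(), intent.amount):
        findings.append("decoded recipient or amount differs from what was shown")
    return findings

# Constructed sample values, not real addresses.
WARM, TOKEN, OTHER = "0x" + "11" * 20, "0x" + "22" * 20, "0x" + "33" * 20
calldata = TRANSFER_SELECTOR + bytes(12) + bytes.fromhex("11" * 20) + (5).to_bytes(32, "big")
intent = Intent(TOKEN, WARM, 5)
honest = Payload(TOKEN, 0, calldata, CALL)
masked = Payload(OTHER, 0, calldata, DELEGATECALL)  # same display, different bytes

if __name__ == "__main__":
    print(check(honest, intent, {WARM}))  # no findings
    print(check(masked, intent, {WARM}))  # two findings
```

The check is only useful when it runs on a device and code path separate from the interface that renders the transaction for the signer.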

Financial Impact and Exchange Solvency

The financial loss is estimated at $1.4 to $1.5 billion, making it the largest single crypto theft recorded, surpassing previous major hacks like the Ronin Network ($624 million) and Poly Network ($611 million) incidents (TechCrunch). Despite the severity, Bybit’s CEO, Ben Zhou, reassured users via X that the exchange remains solvent, stating, “Bybit is solvent even if this hack loss is not recovered, all of clients assets are 1 to 1 backed, we can cover the loss” (Ledger Insights). Zhou also noted that only the ETH cold wallet was compromised, with hot, warm, and other cold wallets unaffected, and withdrawals continuing normally (U.Today).

Market Reaction and Broader Implications

The hack triggered immediate market reactions, with Ethereum prices dropping by nearly 3% following the announcement, and Ethereum futures traders facing $76 million in liquidations over four hours (TheStreet Crypto). The timing coincided with ETHDenver, a major Ethereum conference, potentially dampening market sentiment further (Forbes). Analysts, including Tom Robinson from Elliptic, described it as potentially “the largest single theft of all time,” highlighting the growing threat of crypto hacks, especially amid rising prices (TechCrunch).

Suspected Perpetrators and Security Context

Researchers, including ZachXBT and Arkham Intelligence, have linked the attack to North Korean hackers, specifically the Lazarus Group, known for targeting crypto firms (BitPinas). This group has been implicated in previous high-profile thefts, such as the $308 million DMM Bitcoin hack in December 2024 (DL News). The incident underscores the persistent security challenges in the crypto industry, with 2024 alone seeing cumulative hack losses reaching $19 billion, according to Crystal Intelligence (Cointelegraph).

Bybit’s Response and Future Steps

Bybit has reported the incident to law enforcement and is collaborating with on-chain analytics providers like Chainalysis to track and blacklist attacker addresses across Ethereum Virtual Machine (EVM) chains (BitPinas). Zhou mentioned securing bridge loans to cover 80% of the stolen ETH, indicating efforts to mitigate financial impact (The Record). Former Binance CEO Changpeng Zhao (CZ) offered assistance and suggested pausing withdrawals as a precaution, though Bybit has not halted operations (U.Today).

Historical Context and Previous Incidents

Prior to this event, Bybit had faced rumors of hacks and insolvency in May 2024, which CEO Ben Zhou denied, clarifying issues related to Arkham Intelligence’s Proof-of-Reserves graph (Bitcoinist). However, no significant breaches were confirmed before February 2025, making this the first major hack reported for the exchange.

Comparative Analysis of Crypto Hacks

To contextualize, the following table compares recent major crypto hacks, highlighting the scale of Bybit’s loss:

| Exchange/Platform | Date | Loss (USD Million) | Notes |
| Bybit | Feb 21, 2025 | 1,400 - 1,500 | Largest ever, ETH cold wallet compromised |
| Ronin Network | Mar 23, 2022 | 624 | Ethereum sidechain, linked to Lazarus Group |
| Poly Network | Aug 10, 2021 | 611 | Multi-chain, partial recovery achieved |
| WazirX | Jul 2024 | 235 | India-based, similar attack vector |
| DMM Bitcoin | Dec 2024 | 308 | Japan-based, linked to North Korean hackers |

This table, sourced from various reports including TechCrunch and DL News, illustrates Bybit’s breach as unprecedented in scale.

Conclusion and Outlook

The Bybit hack of February 21, 2025, represents a significant blow to the crypto industry, highlighting vulnerabilities in even well-established exchanges. While Bybit’s assurances of solvency and ongoing efforts to recover funds provide some relief, the incident underscores the need for enhanced security measures and regulatory oversight. Future developments, including potential recovery of stolen assets and legal actions against perpetrators, will be critical in restoring trust.

This comprehensive analysis is based on extensive web searches and reports from credible sources, ensuring a thorough understanding of the incident’s implications.
