Bybit Hack

On February 21, 2025, Bybit, a leading cryptocurrency exchange, suffered a major security breach, resulting in the theft of approximately $1.5 billion in digital assets. This incident, attributed to North Korea’s Lazarus Group, has sparked widespread concern among users and the crypto community. Below, we address the most searched questions in the United States about the Bybit hack, providing detailed answers based on available data.


How did the Bybit hack happen?

  • The hackers targeted Bybit’s Ethereum (ETH) cold wallet, which is meant to be secure because it is kept offline.
  • They used a masked transaction technique, where the transaction appeared legitimate to wallet signers but contained hidden malicious code.
  • This code altered the smart contract logic, allowing the hackers to transfer funds without immediate detection.
  • Bybit’s CEO, Ben Zhou, noted that the attackers deceived the signers by displaying a correct address while manipulating the underlying contract, making this a highly advanced attack.

Who is behind the Bybit $1.5 billion hack?

  • The hack has been attributed to North Korea’s Lazarus Group, a state-sponsored hacking organization.
  • This group is notorious for targeting cryptocurrency exchanges and has been linked to previous major heists, such as the $600 million Ronin Network exploit in 2022.
  • Blockchain analysts, including ZachXBT, provided evidence connecting the Bybit hack to Lazarus through wallet connections and test transactions.
  • The involvement of a state-sponsored group underscores the growing threat of cybercrime in the crypto space.

What are the details of the Lazarus Group’s involvement in the Bybit hack?

  • The Lazarus Group exploited a vulnerability in Bybit’s multi-signature wallet system.
  • They used a masked UI and URL to trick wallet signers into approving a transaction that granted the hackers control over the ETH cold wallet.
  • Once access was gained, the hackers quickly transferred the funds to multiple addresses to complicate tracing efforts.
  • This attack combined social engineering and technical manipulation, highlighting the group’s advanced capabilities and focus on high-value targets.
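
This answer and "How did the Bybit hack happen?" both describe signers approving a transaction whose displayed address looked correct while the underlying payload did something else. The following is an added example, not code from Bybit or any wallet vendor: a pre-signing check that re-derives recipient and amount from the raw payload and compares them with what the interface displayed. The proposal fields (to, value, data, operation), the operation encoding and all addresses are assumptions constructed for illustration.

```python
# Added example. Field names and sample values are constructed, not Bybit data.
TRANSFER_SELECTOR = "a9059cbb"   # ERC-20 transfer(address,uint256)
CALL = 0                         # assumed encoding: 0 = call, 1 = delegatecall

def strip0x(h):
    h = h.lower()
    return h[2:] if h.startswith("0x") else h

def decode_erc20_transfer(data):
    """Return (recipient, amount) only for an exact transfer() call, else None."""
    if len(data) != 136 or data[:8] != TRANSFER_SELECTOR:
        return None
    if data[8:32] != "0" * 24:   # address word must be zero-padded on the left
        return None
    return "0x" + data[32:72], int(data[72:136], 16)

def check_proposal(displayed, raw, known_tokens):
    """List every way the raw payload departs from what the signer was shown."""
    findings = []
    if raw["operation"] != CALL:
        findings.append("operation is not a plain call")
    data, to = strip0x(raw["data"]), raw["to"].lower()
    if data == "":               # plain ETH transfer
        recipient, amount = to, raw["value"]
    elif to in known_tokens and (decoded := decode_erc20_transfer(data)):
        recipient, amount = decoded
        if raw["value"] != 0:
            findings.append("token transfer also moves ETH")
    else:                        # anything else needs manual review before signing
        findings.append("calldata is not a recognised transfer")
        return findings
    if recipient != displayed["recipient"].lower():
        findings.append("recipient differs from displayed")
    if amount != displayed["amount"]:
        findings.append("amount differs from displayed")
    return findings

# Constructed sample data.
WARM, TOKEN, UNKNOWN = "0x" + "11" * 20, "0x" + "22" * 20, "0x" + "33" * 20
KNOWN_TOKENS = {TOKEN}

def transfer_data(recipient, amount):
    return "0x" + TRANSFER_SELECTOR + strip0x(recipient).rjust(64, "0") + format(amount, "064x")

SHOWN = {"recipient": WARM, "amount": 10**18}
HONEST = {"to": WARM, "value": 10**18, "data": "0x", "operation": 0}
# The displayed address appears inside the calldata, but the call goes elsewhere.
MASKED = {"to": UNKNOWN, "value": 0, "data": transfer_data(WARM, 10**18), "operation": 1}

if __name__ == "__main__":
    print(check_proposal(SHOWN, HONEST, KNOWN_TOKENS))
    print(check_proposal(SHOWN, MASKED, KNOWN_TOKENS))
```

The check is only useful when it runs on a device and code path independent of the interface that rendered the transaction to the signer.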

What was stolen in the Bybit heist?

  • The hackers stole approximately 401,346 ETH, valued at around $1.4 to $1.5 billion at the time of the hack.
  • In addition to ETH, other Ethereum-based tokens such as mETH and stETH were also taken.
  • These additional tokens were later swapped for ETH on decentralized exchanges.
  • Blockchain analytics firms confirmed the total outflows at $1.46 billion, making this one of the largest crypto thefts in history.

What was the impact of the Bybit hack on Ethereum’s price?

  • The hack caused an immediate 3-5% drop in Ethereum’s price, with ETH falling to around $2,675.
  • The timing of the hack, during the ETHDenver event, exacerbated market volatility, as this period typically sees bullish sentiment.
  • Ethereum’s price has since partially recovered, but the incident highlights the market’s sensitivity to large-scale security breaches.

How did Bybit respond to the $1.5 billion hack?

  • Bybit’s CEO, Ben Zhou, held a livestream on X to reassure users, confirming that the exchange is solvent and can cover the losses.
  • He clarified that only the ETH cold wallet was compromised and that all other wallets remain secure.
  • Bybit secured bridge loans to cover 80% of the stolen funds, ensuring that operations, including withdrawals, continue without disruption.
  • Zhou’s transparency and the exchange’s financial resilience have been key in maintaining user confidence.

Is my crypto safe on Bybit after the hack?

  • According to Bybit, client funds are safe, and the exchange continues to operate normally.
  • Zhou stated that all client assets are backed 1:1 and that the hack did not affect other wallets.
  • However, users are advised to take additional precautions, such as:
    • Enabling multi-factor authentication (MFA).
    • Considering hardware wallets for large holdings.
  • While Bybit has reinforced its security measures, the incident serves as a reminder that no exchange is entirely immune to cyber threats.

What are the latest updates on Bybit’s recovery efforts after the hack?

  • Bybit is collaborating with blockchain forensics companies to track the stolen funds.
  • Specific details on recovered amounts are limited, but the exchange has secured bridge loans to cover a significant portion of the loss.
  • Recovery may be challenging due to the involvement of the Lazarus Group, which has a history of successfully laundering stolen assets.
  • Bybit has committed to providing updates on the investigation, and users should stay tuned to official channels for the latest developments.

What is North Korea’s role in the Bybit crypto heist?

  • North Korea’s involvement through the Lazarus Group adds a geopolitical dimension to the heist.
  • The group is known for funding the regime’s activities, including its weapons programs, through cybercrime.
  • This incident follows a pattern of attacks on crypto exchanges, such as the $308 million DMM Bitcoin hack in 2024.
  • The Bybit hack underscores the need for international cooperation to combat state-sponsored cyber threats, as these groups operate with significant resources and sophistication.

Why is the Bybit hack considered the biggest crypto heist of 2025?

  • The Bybit hack is the largest crypto heist of 2025 due to the unprecedented scale of the theft—$1.5 billion.
  • The advanced techniques used by the hackers, such as masked transactions and smart contract manipulation, set it apart from previous incidents.
  • It surpasses previous hacks, such as the $624 million Ronin Network exploit, in both the amount stolen and the complexity of the attack.
  • The involvement of a state-sponsored group like Lazarus further elevates its significance, marking it as a watershed moment in the ongoing battle for crypto security.

Conclusion

The Bybit hack of February 21, 2025, serves as a stark reminder of the vulnerabilities that persist in the cryptocurrency industry, even among top-tier exchanges. While Bybit’s response has been robust, and user funds are reportedly safe, the incident highlights the need for continuous improvement in cybersecurity measures. As recovery efforts continue and investigations unfold, the crypto community must remain vigilant and proactive in safeguarding digital assets against increasingly sophisticated threats.
