The record-breaking $1.4 billion Bybit hack displays the “increasingly creative exploits” seen in the crypto industry, Halborn’s co-founder told Cointelegraph.
Just after the crypto industry achieved a milestone victory in the Coinbase-SEC lawsuit on Feb. 21, Bybit crypto exchange suffered the largest security breach in crypto history.
The Dubai-based cryptocurrency exchange — the industry’s second-largest by trading volume — lost roughly $1.5 billion in staked Ether (ETH) and other ERC-20 coins.
The attack surpassed the previous records: It was more than twice the size of the $611 million Poly Network attack in 2021 and the at least $600 million Ronin bridge exploit in 2022.
According to blockchain analytics firm Elliptic’s chief scientist and co-founder, Tom Robinson, the breach may not only be the largest crypto heist ever, but potentially the biggest single theft of any kind.
“It’s also potentially the largest single theft of any kind, ever.”
Source: Tom Robinson
The plot soon deepened when onchain analyst ZachXBT and Arkham Intelligence identified North Korea’s Lazarus Group as behind the hack. The group is said to be tied to North Korea’s government and is thought to be behind some of the world’s largest cyberware and ransomware hacks.
Bybit assets fall by $5.3 billion in wake of hack
The breach was confirmed at 3:53 pm UTC on Feb. 21 by Bybit co-founder and CEO Ben Zhou, who reported on X that a hacker had taken control of an ETH cold wallet and “transferred all ETH in the cold wallet” to an “unidentified address,” presumably controlled by the hacker. Zhou supplied a link to blockchain explorer Etherscan.
Etherscan showed that 401,346.77 ETH was transferred from Bybit’s cold wallet to the exploiter’s wallet at 2:16 am UTC on Feb. 21.
Zhou posted multiple times on X in an effort to answer the flood of questions. “Bybit Hot wallet, Warm wallet and all other cold wallets are fine. The only cold wallet that was hacked was ETH cold wallet. ALL withdrawals are NORMAL,” he said.
Indeed, Bybit has processed all withdrawals. At the time of writing, the value of Bybit’s total assets has fallen by over $5.3 billion, according to DefiLlama data — this figure includes the $1.4 billion in stolen assets.
Zhou addressed Bybit users publicly several times in the wake of the hack. Source: Bybit
“Bybit is solvent even if this hack loss is not recovered, all of the client’s assets are 1 to 1 backed — we can cover the loss,” Zhou stated in a later X post.
The CEO also said on an X livestream that Bybit had taken out bridge loans with partners and had secured about 80% of the funding needed to cover the losses.
Meanwhile, ETH dropped 6.7% during the day, but by 1:00 am UTC it had mostly recovered. It was only down 2% over the previous 24 hours, according to CoinGecko.
Industry reacts to Bybit hack: Scale is ‘staggering’
“Today’s hack is the biggest ever,” Maddie Kennedy, vice president of communications at Chainalysis, told Cointelegraph, adding that it accounts for “more than half of the cumulative funds stolen last year.”
Was this a new trend? “Trends on hacks are very outlier-driven,” she noted. It may be hard to tell at this point.
Not all were taken aback. “The scale of this incident is staggering, but not entirely surprising to those of us who have been tracking the evolving threat landscape,” Rob Behnke, co-founder and executive chairman at Halborn, a blockchain security firm, told Cointelegraph, adding:
“We’ve seen the sophistication of attacks grow alongside the value locked in these platforms.”
In this instance, the hacker manipulated Bybit’s Ethereum cold wallet “through a spoofed user interface and malicious smart contract alteration,” Behnke continued, in “the kind of advanced tactics we’ve been warning about.” He added:
“While the sheer size sets a new benchmark, it aligns with the trend of attackers targeting high-value exchanges with increasingly creative exploits.”
Rising vulnerabilities?
“It’s the latest incident for an industry struggling with security concerns that present hurdles to mainstream adoption,” noted Morningstar, while Zhou himself characterized the attack as “part of a rising trend of sophisticated crypto hacks in early 2025, including the ZkLend breach on Starknet.”
The breach “highlights both systemic challenges and unique circumstances,” added Behnke. “Crypto exchanges are prime targets because they custody enormous amounts of value, often in complex, multi-layered systems that can harbor unnoticed vulnerabilities.”
“Given the isolated nature of the signing hack, and how well capitalized Bybit is, I don’t expect there to be contagion,” Coinbase’s Conor Grogan wrote on X.
Bybit’s independent Proof-of-Reserve (PoR) auditor, Hacken, assured user funds are fully backed. Source: Hacken
Throughout the day, Zhou appeared determined to be transparent about what had occurred, even posting detailed answers to questions like: “How did hackers gain control?” and “How does one prevent similar attacks?”
“How to prevent?” asked Behnke rhetorically. Don’t “blindly sign a TX [transaction] request unless you check every single piece of data you’re signing, especially if it’s securing $1.5 billion of assets.”
As for “being open,” the CEO really didn’t have much of a choice, Behnke told Cointelegraph. What else could he do? Still, he was “glad to see him hop into X spaces right away.” Better than going dark.
All in all, there probably weren’t any winners Friday apart from Lazarus Group, but some in the crypto community will probably agree with Aave’s Stani Kulechov, who posted: “Biggest winner is self custody.”
This article first appeared at Cointelegraph.com News