A record US$1.6bn crypto haul vanishes in a devious hack — proof even “secure” exchanges are just piggy banks for clever APTs
On 21 February 2025, Bybit, a major Dubai-based cryptocurrency exchange, experienced an unprecedented security breach, losing approximately US$1.5bn in Ethereum tokens.
This incident, widely regarded as the largest single crypto theft in history, has sent shockwaves through the digital asset community.
The attackers exploited vulnerabilities during a routine transfer from an offline “cold” wallet to a “warm” wallet, tricking the system into approving a malicious transaction. Over 400,000 ETH tokens were siphoned to numerous unidentified addresses, surpassing the previous record set by the US$620 million Ronin Network heist in 2022.
Bybit’s CEO, Ben Zhou, swiftly confirmed the breach, emphasizing that only one wallet had been compromised, and that client funds remain secure, backed 1:1 by the exchange’s US$20bn in assets.
Despite a surge of over 580,000 withdrawal requests and a consequent reported US$4bn “bank run”, Zhou assured users that the crypto exchange remains solvent, pledging to secure a bridging loan to cover losses if needed.
The exchange has enlisted blockchain forensic experts to trace the stolen funds, and has also launched a recovery bounty program offering up to 10% of retrieved assets to cybersecurity specialists who assist.
Experts suspect that North Korea’s advanced persistent threat (APT) Lazarus Group, notorious for high-profile crypto heists, may have masterminded the attack.
According to security analyst Rob Behnke, this attack is potentially the “largest financial cyberattack ever,” which highlights the sophistication involved. The breach reignited debates about crypto platform vulnerabilities, with some, like former SEC official Corey Frayer, questioning how the exchange could have lost such a sum despite supposedly robust protocols.
Meanwhile, the value of Ethereum dipped nearly 4% to US$2,641.41 but avoided a larger crash. Industry voices warn that such incidents underscore persistent risks in the sector, urging stronger safeguards as Bybit collaborates with authorities to pursue the culprits and mitigate fallout.