Bybit hacked for $1.5 billion: The largest crypto heist in history—What happened?

Bybit, one of the largest crypto exchanges globally, has fallen victim to what is now being called the biggest digital heist in history. A staggering $1.5 billion in digital assets was stolen from the platform’s supposedly secure cold wallet, sending shockwaves through the industry and raising urgent questions about cybersecurity, trust, and the future of decentralized finance.

On Feb 21, hackers breached Bybit’s cold wallet—an offline storage system designed specifically to protect funds from online attacks.

Cold wallets are typically considered one of the safest ways to store cryptocurrencies because they’re disconnected from the internet. Yet somehow, attackers managed to infiltrate this fortress of security, stealing primarily ether (ETH) and quickly moving the funds across multiple wallets before liquidating them on various platforms.

To put this into perspective, the $1.5 billion theft dwarfs previous high-profile hacks like the $611 million Poly Network breach in 2021 or the $570 million stolen from Binance in 2022. According to blockchain analysis firm Elliptic, this incident marks a grim milestone as the largest crypto heist ever recorded.

Ben Zhou, CEO of Bybit, took to social media platform X (formerly Twitter) shortly after the attack to reassure panicked users. “Please rest assured that all other cold wallets are secure,” Zhou wrote. “All withdrawals are NORMAL.” While his message aimed to calm fears, the sheer scale of the hack left many questioning whether Bybit could weather the storm.

Unsurprisingly, news of the breach triggered a wave of panic among Bybit users. Fearing potential insolvency, customers rushed to withdraw their funds en masse. Such runs are common during major security breaches, as users scramble to protect their assets before it’s too late.

Thankfully, Zhou later confirmed that outflows had stabilized. To further reassure its customer base, Bybit announced it had secured a bridge loan from undisclosed partners. This emergency funding will cover any unrecoverable losses and ensure the exchange can continue operating smoothly. While details of the loan remain under wraps, the move underscores just how seriously Bybit is taking this crisis.

But even with these measures in place, trust doesn’t come easily in the volatile world of crypto. For many users, the question remains: Could this happen again?

Blockchain sleuths at firms like Elliptic and Arkham Intelligence wasted no time tracing the stolen funds. Their investigation pointed fingers squarely at North Korea’s infamous Lazarus Group—a state-sponsored hacking collective notorious for targeting the cryptocurrency sector.

Lazarus has been active since at least 2017, when it siphoned $200 million worth of bitcoin from four South Korean exchanges. Over the years, the group has honed its craft, exploiting vulnerabilities in blockchain networks and laundering billions of dollars’ worth of stolen crypto to fund North Korea’s regime. Its methods are sophisticated, often involving mixing services and decentralized exchanges to obscure the flow of money.

Tom Robinson, chief scientist at Elliptic, explained in an email statement, “We’ve labelled the thief’s addresses in our software, to help prevent these funds from being cashed-out through any other exchanges.” While this labeling won’t recover the stolen assets, it does make it harder for the hackers to launder the money undetected.

Still, the fact that Lazarus was able to pull off such a massive heist despite heightened awareness of its tactics speaks volumes about the ongoing challenges facing the crypto industry.

Fabrice Iranzi

Journalist and Project Leader at LionHerald, with a strong passion for tech and new ideas, serving Digital Company Builders in the UK and beyond
E-mail: iranzi@lionherald.com