Bybit Suffers Historic $1.5 Billion Crypto Hack in Cold Wallet Attack

Feb 26, 2025 admin

Cryptocurrency exchange Bybit has confirmed a massive security breach, resulting in the theft of over $1.5 billion worth of Ethereum (ETH) and stETH from one of its cold wallets. This makes it the largest crypto heist in history, surpassing previous record-breaking hacks.

How Did the Hack Happen?

The attack occurred on February 21, 2025, during a routine transfer of funds from Bybit’s multisig cold wallet to its hot wallet. According to Bybit, hackers manipulated the signing interface, tricking the system into approving a fraudulent transaction. This allowed them to gain full control over the wallet and drain its funds.

Who Is Behind the Attack?

While Bybit has not officially confirmed the attackers’ identity, leading blockchain analysts Elliptic and Arkham Intelligence have attributed the hack to Lazarus Group, a notorious North Korean hacking organization. This group is responsible for multiple high-profile crypto thefts, including attacks on Ronin Network ($624 million), Poly Network ($611 million), and BNB Bridge ($586 million).

Independent researcher ZachXBT also found on-chain links connecting the Bybit hack to another recent attack on Phemex, suggesting a coordinated effort.

How the Stolen Crypto Was Moved

After gaining access to Bybit’s funds, Lazarus Group reportedly followed their standard laundering process:

  • Exchanging stolen tokens like stETH and cmETH for Ethereum (ETH) to prevent freezing.
  • Moving the stolen funds through 50 different wallets within two hours of the theft.
  • Using crypto exchanges like eXch to convert Ethereum into Bitcoin (BTC), making it harder to trace.
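
For monitoring teams, the rapid dispersal described above (funds spread across 50 wallets within two hours) can be turned into a simple alert. The following is an added example, not code from Bybit or the analysts cited here; the record fields (`from`, `to`, `time`), wallet names, and timestamps are constructed assumptions, and the thresholds default to the figures in this article.

```python
from datetime import datetime, timedelta

def trace_fanout(transfers, source, window=timedelta(hours=2)):
    """Return wallets that received funds traceable to `source` within
    `window` of the first outflow from `source` (address-level taint)."""
    ordered = sorted(transfers, key=lambda t: t["time"])
    start = next((t["time"] for t in ordered if t["from"] == source), None)
    if start is None:
        return set()  # the source never sent anything
    tainted = {source}
    for t in ordered:
        # Chronological walk: a wallet passes taint on only after receiving it.
        if start <= t["time"] <= start + window and t["from"] in tainted:
            tainted.add(t["to"])
    return tainted - {source}

def is_rapid_dispersal(transfers, source, min_wallets=50,
                       window=timedelta(hours=2)):
    """Alert when funds from `source` reach at least `min_wallets` wallets."""
    return len(trace_fanout(transfers, source, window)) >= min_wallets

def sample_transfers():
    """Constructed records (not real chain data): 10 first-hop wallets,
    each forwarding to 4 more, plus three transfers that must be ignored."""
    t0 = datetime(2025, 2, 21, 14, 0)  # constructed timestamp
    rows = []
    for i in range(10):
        rows.append({"from": "cold", "to": f"hop1_{i}",
                     "time": t0 + timedelta(minutes=i)})
        for j in range(4):
            rows.append({"from": f"hop1_{i}", "to": f"hop2_{i}_{j}",
                         "time": t0 + timedelta(minutes=30 + 4 * i + j)})
    # Sent before hop1_9 received any tainted funds: not part of the trail.
    rows.append({"from": "hop1_9", "to": "earlier_peer",
                 "time": t0 + timedelta(minutes=5)})
    # Tainted sender, but outside the two-hour window.
    rows.append({"from": "hop1_0", "to": "late",
                 "time": t0 + timedelta(hours=3)})
    # Unrelated activity between wallets that never touched the funds.
    rows.append({"from": "clean_a", "to": "clean_b",
                 "time": t0 + timedelta(minutes=10)})
    return rows

if __name__ == "__main__":
    rows = sample_transfers()
    print(len(trace_fanout(rows, "cold")), is_rapid_dispersal(rows, "cold"))
```

This check counts addresses only and ignores amounts, so a production rule would also weigh transferred value and known service addresses to limit false positives.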

Crypto Exchange eXch Accused of Money Laundering

Security firm Elliptic accused eXch of knowingly helping Lazarus Group launder over $75 million in stolen funds from Bybit. However, eXch has denied any wrongdoing, claiming it processed only an insignificant amount of funds from the Bybit hack and intends to donate them to privacy-focused initiatives.

Elliptic’s co-founder, Dr. Tom Robinson, strongly disagreed, stating:

“They are certainly laundering funds stolen by DPRK from Bybit – it’s visible on the blockchain.”

What This Means for the Crypto Industry

This attack is another wake-up call for crypto exchanges and investors about cybercriminals’ increasing sophistication. Security firm Check Point Research noted that this hack used a new method—user interface manipulation—to deceive wallet signers, highlighting the growing threat of supply chain and social engineering attacks in the crypto space.

Final Thoughts

Bybit has assured users that other cold wallets remain secure and that they are working with authorities to investigate the attack. However, this incident reinforces the need for better security practices, stronger wallet protection, and advanced fraud detection to prevent such large-scale thefts in the future.

As crypto heists become more sophisticated, investors should always store funds securely and avoid relying solely on exchanges for asset protection.
