On the evening of February 21, 2025, Beijing time, the leading global cryptocurrency exchange Bybit suffered the largest hack in history, with over 400,000 ETH and stETH worth more than $1.5 billion (approximately 10.8 billion RMB) transferred to unknown addresses. The incident broke the previous theft records set by Poly Network ($611 million in June 2021) and the Central Bank of Iraq ($1 billion), making it the most severe single theft in the cryptocurrency industry and even in the global financial sector.

Attack methods and vulnerability analysis

1. Exploitation of cold wallet vulnerabilities

Hackers manipulated the logic of Bybit's Ethereum multi-signature cold wallet smart contract, hiding the signature interface and tampering with the transaction process, ultimately gaining control of the cold wallet. Although cold wallets are generally viewed as 'secure fortresses for offline storage,' this attack exposed fatal flaws at the code level of the smart contract.

2. Speculation on the identity of the attacker

Blockchain security firms Elliptic and Halborn pointed out that the attack may have been led by the hacker organization Lazarus Group, which previously hacked a Korean exchange to steal $200 million worth of Bitcoin in 2017. Additionally, the hackers made tracing more difficult by dispersing the funds across multiple new addresses and attempting to sell them.

Bybit's response measures

1. Emergency response and user reassurance

Bybit CEO Ben Zhou responded quickly via live broadcast after the incident, emphasizing that customer funds were unaffected and that the platform had processed over 70% of withdrawal requests, and committing to secure user assets through reserves (over $20 billion) and bridge loans (80% of the required funds have been raised).

2. Technical tracking and legal action

Bybit is working with a blockchain forensics company to trace the flow of the stolen funds and plans to take legal action against the hacker. The addresses holding the stolen funds have been flagged and are being monitored to prevent cashing out through exchanges.

Market impact and chain reaction

1. Cryptocurrency prices plummet

After the incident was exposed, Bitcoin fell by 3% within 24 hours, temporarily dropping below $95,000; Ethereum plummeted by 6.7%, falling below $2,700. Market panic led to over 170,000 liquidation events globally, with liquidations totaling $570 million and particularly heavy losses on long positions.

2. Industry trust crisis

Investors are rapidly turning to hardware wallets and decentralized exchanges (DEXs), with 24-hour DEX trading volume surging by 40%. The security of cold storage at centralized exchanges is being widely questioned.

Industry reflection and regulatory warning

1. Concerns about centralized exchanges

This incident highlights the potential risks of centralized platforms in smart contract management and cold wallet operations. Some industry insiders even speculate that certain exchanges may stage such incidents themselves ('self-directed performances') to cover up financial problems, though this claim has yet to be verified.

2. Acceleration of global regulation

The incident has prompted multiple countries to reassess their cryptocurrency regulatory frameworks. For example:

- South Korea requires exchanges to store 80% of user assets in cold wallets and to establish insurance mechanisms to address hacker risks.

- The Hong Kong Securities and Futures Commission places equal emphasis on investor protection and compliance innovation, promoting the safe development of the Web3 ecosystem.

- The US SEC, which recently established a cryptocurrency task force, may strengthen audit and disclosure requirements for exchanges following this incident.

Future outlook

1. Upgrading technical defenses

The industry needs to strengthen smart contract audits and multi-signature mechanisms, and explore privacy protection technologies such as zero-knowledge proofs to prevent similar vulnerabilities.

2. Challenges in Bybit's recovery

Although Bybit claims that the stolen assets account for only 9% of its total reserves, its brand reputation has been severely damaged. In the long run, whether it can rebuild user trust will depend on its transparency and subsequent security measures.

The $1.5 billion theft case at Bybit is not only a wake-up call for the cryptocurrency industry but also a test of the global financial security system. With the improvement of regulatory frameworks and the iteration of technical defenses, the industry may usher in a more standardized development phase, but investors still need to be vigilant about market volatility and platform risks, prioritizing compliant and transparent trading channels.