On February 21, 2025, the cryptocurrency world was shaken by the largest hack in its history: a staggering $1.46 billion in Ethereum (ETH) and related tokens was stolen from Bybit, a major cryptocurrency exchange. Blockchain investigators, including on-chain sleuth ZachXBT and Arkham Intelligence, have pointed the finger at North Korea’s notorious Lazarus Group, a state-sponsored hacking collective with a long history of cybercrime. Here’s a clear, detailed breakdown of what happened, why it matters, and what it means for the crypto community.

What Happened?

Bybit, known for its robust trading platform and large user base, fell victim to a sophisticated cyberattack targeting one of its Ethereum cold wallets—a secure, offline storage system designed to protect funds. The hackers exploited a vulnerability in Safe’s multisignature wallet interface, which Bybit used for secure transactions. According to Bybit’s CEO, Ben Zhou, a routine Ethereum transfer was manipulated, displaying a masked user interface (UI) that tricked authorized signers into approving a transaction to an unknown address. This allowed the attackers to drain the wallet, siphoning off an estimated $1.46 billion in assets.
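A signer can check the step described above without trusting the wallet UI. The following is an added example, not code from Bybit, Safe or this article: it reads the raw transaction fields a signer is asked to approve, derives the real recipient, and compares it with what the UI displays and with an allow-list. The field names `to`, `data` and `operation` follow Safe's transaction structure; the function names, addresses and allow-list are constructed for illustration.

```python
# Added example: pre-signing check that ignores the UI and reads the raw payload.
# Every address below is a constructed placeholder, not a real wallet.
ERC20_TRANSFER = "a9059cbb"           # selector of transfer(address,uint256)
TREASURY = "0x" + "11" * 20           # hypothetical approved destination
TOKEN = "0x" + "aa" * 20              # hypothetical token contract
ALLOWED = {TREASURY}


def effective_recipient(tx):
    """Return (recipient, note); recipient is None if the payload cannot be vouched for."""
    if tx.get("operation", 0) != 0:   # Safe encodes 0 = Call, 1 = DelegateCall
        return None, "operation is not a plain call"
    data = tx["data"].lower()
    data = data[2:] if data.startswith("0x") else data
    if data == "":
        return tx["to"].lower(), "native transfer"
    if data[:8] == ERC20_TRANSFER and len(data) == 8 + 2 * 64:
        word = data[8:72]             # first ABI argument: left-padded address
        if word[:24] != "0" * 24:
            return None, "malformed address argument"
        return "0x" + word[24:], "ERC-20 transfer"
    return None, "unrecognised calldata"


def check_before_signing(tx, ui_recipient):
    """Approve only if the payload, the UI and the allow-list all agree."""
    recipient, note = effective_recipient(tx)
    if recipient is None:
        return False, note
    if recipient != ui_recipient.lower():
        return False, "UI shows %s but payload pays %s" % (ui_recipient, recipient)
    if recipient not in ALLOWED:
        return False, "%s is not an approved destination" % recipient
    return True, note


def transfer_calldata(recipient, amount):
    """Build constructed ERC-20 transfer calldata for the samples below."""
    return "0x" + ERC20_TRANSFER + recipient[2:].rjust(64, "0") + format(amount, "064x")


if __name__ == "__main__":
    honest = {"to": TOKEN, "operation": 0, "data": transfer_calldata(TREASURY, 5)}
    masked = {"to": TOKEN, "operation": 0, "data": transfer_calldata("0x" + "22" * 20, 5)}
    print(check_before_signing(honest, TREASURY))
    print(check_before_signing(masked, TREASURY))
```

The check only helps if it runs on a device separate from the one rendering the UI, so a compromised interface cannot also alter the verdict.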

The breach triggered panic among users, leading to over 350,000 withdrawal requests in just hours. However, Bybit acted swiftly, processing 99.994% of these requests and restoring normal withdrawal functionality. Zhou reassured the community that Bybit remains solvent, with client assets fully backed 1:1, even if the stolen funds aren’t recovered. Other Bybit wallets remain secure, and the exchange is working with authorities and blockchain analysts to track the stolen funds.

Who Are the Lazarus Group?

The Lazarus Group, also known as Hidden Cobra or Guardians of Peace, is a North Korean state-sponsored hacking group operated by the country’s Reconnaissance General Bureau. Since emerging around 2010, Lazarus has been linked to some of the most audacious cyberattacks globally, including the 2016 Bangladesh Bank heist ($101 million stolen), the 2017 WannaCry ransomware attack, and numerous cryptocurrency thefts. Their targets often include financial institutions, tech companies, and crypto exchanges, with stolen funds allegedly funneled into North Korea’s weapons programs and used to bypass international sanctions.

This isn’t Lazarus’s first foray into crypto. They’ve previously attacked South Korean exchanges like Bithumb and Youbit, as well as global platforms like Ronin Network (linked to Axie Infinity, with a $615 million theft in 2022). The group’s tactics often involve social engineering, malware, and exploiting software vulnerabilities, making them a persistent threat to digital assets.

Why This Hack Matters

The Bybit hack is a wake-up call for the cryptocurrency industry. With $1.46 billion stolen, it surpasses all previous crypto heists, including the 2014 Mt. Gox collapse ($450 million) and the 2021 Poly Network exploit ($611 million). It highlights the vulnerabilities even in well-established exchanges and the advanced tactics of state-sponsored hackers like Lazarus. The incident has also sparked a massive community response, with crypto enthusiasts donating 50,000 ETH (worth around $120 million) to Bybit’s reserves, showcasing the industry’s resilience and solidarity.

For Binance users and the broader crypto community, this event underscores the importance of security. It’s a reminder to use hardware wallets, enable two-factor authentication (2FA), and stay vigilant against phishing and other scams. Exchanges, too, must prioritize robust security measures, like multi-party computation (MPC) wallets, cold storage, and regular audits, to protect user funds.

What’s Next?

Bybit has promised a full incident report and enhanced security measures in the coming days. Meanwhile, investigators are racing to trace the stolen funds, which, according to Arkham Intelligence, have begun moving to new addresses and are being sold off. U.S. and international authorities are likely to intensify efforts to dismantle Lazarus operations, but the group’s state backing makes it a challenging adversary.

For crypto users on Binance and beyond, this hack serves as a critical lesson: the digital asset space, while innovative, remains a target for sophisticated threats. Staying informed, securing your assets, and supporting exchanges with strong security practices are key to navigating this evolving landscape.

Stay Safe on Binance

Binance continues to prioritize user security with advanced protocols and 2FA. Ensure your account is protected, monitor for suspicious activity, and stay updated on industry news. Together, we can build a safer crypto future.
