💻🔧 Incident Overview
In a shocking turn of events, Dubai-based cryptocurrency exchange Bybit has suffered a massive security breach, resulting in the theft of $1.38 billion in digital assets. This hack, now recognized as the largest in cryptocurrency history, has sent shockwaves through the industry.
The attack primarily targeted Bybit's Ethereum cold wallet, exploiting vulnerabilities in multi-signature security protocols.
💬 Binance CEO CZ Weighs In
Following the hack, Binance's CEO Changpeng Zhao (CZ) shared his insights on Twitter:
📌 "There is a pattern where hackers steal large amounts from multi-sig 'cold storage' solutions, as seen with ByBit, Phemex, WazirX, and others. The hackers, likely the Lazarus Group, are highly advanced. What’s concerning is that the affected exchanges used different multi-sig providers."
📌 "My suggestion of halting all withdrawals was based on experience. After a security breach, pausing everything, understanding the root cause, and triple-checking security before resuming is the safest approach."
📌 "Ben (Bybit's CEO) maintained transparency and calm, unlike other CEOs from exchanges like WazirX and FTX."
🌐 Bybit CEO Ben Zhou Responds
Bybit’s CEO Ben Zhou responded promptly:
📌 "If this hack had compromised our internal systems, we would have halted withdrawals. But since it was our ETH cold wallet, it had nothing to do with our internal infrastructure. That's why I made the call to keep withdrawals open."
📌 "We are overwhelmed by the support from Binance, CZ, and industry leaders. This was a tragic event for Bybit, but the crypto community showed strength and unity."
🔐 The Scale of the Breach
This incident now ranks as the largest cryptocurrency exchange hack to date, surpassing past notorious hacks:
Top 10 Crypto Exchange Hacks in History
🔒 Bybit (2025) ➺ $1.38 billion
💰 Mt. Gox (2011) ➺ 647,000 BTC stolen
💸 Bitfinex (2016) ➺ 120,000 BTC stolen
🌟 Coincheck (2018) ➺ $532 million stolen
💀 FTX (2022) ➺ $415 million stolen
🔄 KuCoin (2020) ➺ $280 million stolen
📈 WazirX (2024) ➺ $235 million stolen
🤝 QuadrigaCX (2018) ➺ $190 million stolen
🔰 Coinbene (2019) ➺ $105 million stolen
📉 Phemex (2025) ➺ $69 million stolen
🛡️ Industry-Wide Security Concerns
🔧 Pattern in Recent Hacks: A series of hacks, including those at Bybit, Phemex, and WazirX, indicate a systemic vulnerability in multi-signature cold storage solutions.
🔐 Lazarus Group Suspected: The advanced nature of the attacks suggests involvement from the Lazarus Group, a North Korean cybercrime syndicate notorious for large-scale crypto thefts.
🌐 Security Practices Under Scrutiny: Industry experts debate whether halting withdrawals after a breach should be standard practice. Bybit’s decision to keep withdrawals open contrasts with Binance’s cautious approach in 2019.
🛡️ Next Steps & Future Precautions
📝 Bybit has partnered with blockchain forensic teams to trace the stolen funds.
🛠️ Users are advised to reassess their security measures, especially those relying on multi-signature cold wallets.
🌐 The industry must adopt enhanced security protocols, potentially shifting towards more decentralized security mechanisms to mitigate such risks.