On February 21, 2025, Bybit suffered a major security breach, with nearly $1.5 billion worth of Ethereum (around 401,000 ETH) stolen from its cold wallet. The hackers reportedly exploited a vulnerability in smart contracts, allowing them to manipulate the process of transferring funds from the cold wallet to the hot wallet, and take control of the digital assets.
Although the party responsible for the attack has not been officially confirmed, some reports suggest that the North Korean Lazarus Group may have been involved in the hack. This group is known for its history of carrying out cyber attacks on cryptocurrency platforms.
Following the incident, Bybit CEO Ben Zhou confirmed that customer funds are safe and secure, and withdrawals have resumed without delay. The platform continues to cooperate with security experts and relevant authorities to investigate the incident and recover the stolen funds.
This hack is one of the largest incidents in the history of cryptocurrencies, highlighting the ongoing security challenges facing centralized platforms in this field.