Cryptocurrency exchange Bybit suffered the largest hacker attack in history, with a loss of 10.8 billion yuan
On February 21, 2025, the world's leading cryptocurrency exchange Bybit was hacked, and more than 400,000 ETH and stETH (total value of about 10.8 billion yuan) were transferred from cold wallets to unknown addresses, becoming the largest theft in history, far exceeding the previous record of 1 billion US dollars by the Central Bank of Iraq.
Attack details
Hackers used smart contract vulnerabilities to tamper with the signature interface and control Bybit's ETH cold wallet. Blockchain analysis agencies confirmed that the attacker was the hacker organization Lazarus Group (which led the 2017 South Korean exchange $200 million Bitcoin theft). Although the cold wallet was designed for offline security, the smart contract code vulnerability was still breached.
Market impact
- The cryptocurrency market plummeted within 24 hours, Bitcoin fell below $95,000, and more than 170,000 people worldwide were liquidated.
- Investors accelerated their shift to hardware wallets and decentralized exchanges (DEX), and DEX trading volume surged by 40%.
Bybit's response measures
1. The official statement said that the remaining cold wallets are safe, customer funds are not damaged, and the reserve fund exceeds 20 billion US dollars and can be redeemed 1:1;
2. CEO Zhou reassured users in a live broadcast, saying that 70% of withdrawal requests have been processed and the platform is operating normally;
3. Raise 80% of funds through bridge loans to fill the gap, and work with security agencies to mark the addresses of stolen funds to prevent hackers from cashing out.
Industry warning
- Security experts point out that there are fatal loopholes in the cold storage of centralized exchanges;
- Regulatory scholars warn of the risks of relaxing supervision of the crypto market and emphasize the need to balance innovation and security.
