On February 21, 2025, Bybit, a Dubai-based cryptocurrency exchange, experienced a significant security breach resulting in the theft of approximately $1.5 billion worth of Ethereum (ETH). The incident occurred during a routine transfer from the exchange's cold wallet—designed for secure, offline storage—to a warm wallet used for daily operations. Hackers exploited this process, gaining unauthorized access to the cold wallet and transferring 401,000 ETH to an unknown address.
In response to the breach, Bybit's CEO, Ben Zhou, assured clients that the company remains solvent, with all client assets backed 1:1. He emphasized that unaffected wallets and withdrawals continue to operate normally. Bybit is collaborating with blockchain forensic experts to trace the stolen funds and has initiated a recovery bounty program, offering up to 10% of the recovered amount to ethical hackers assisting in the retrieval of the stolen cryptocurrency.
Blockchain analytics firms Arkham Intelligence and Elliptic have attributed the attack to North Korea's Lazarus Group, a cybercrime organization known for previous cryptocurrency thefts. Elliptic's analysis suggests that the group employed sophisticated methods to launder the stolen assets through numerous blockchain transactions.
This event underscores that even systems designed with enhanced security measures, such as cold wallets, remain vulnerable, in this case during a routine transfer to a warm wallet. It highlights the need for continuous advances in security protocols within the cryptocurrency industry to safeguard digital assets against increasingly sophisticated cyber threats.