Cryptocurrency exchange Bybit was targeted by a record-breaking $1.4 billion hack on February 21, 2025, one of the biggest crypto hacks ever. The hackers stole staked Ether (stETH), Mantle Staked ETH (mETH), and other ERC-20 tokens, cutting Bybit’s total assets by $5.3 billion. But independent audits keep Bybit’s reserves above its liabilities, and users’ funds are 100% secure.
Source: Gracy Chen
How Did the Hack Occur?
The hack was attributed by security experts to North Korea’s Lazarus Group, the same group that had carried out earlier $600 million Ronin Network and $305 million DMM Bitcoin hacks. The hackers hijacked Bybit’s ETH cold wallet via an advanced transaction, with signers unknowingly signing off on a modification of a malicious smart contract. This enabled the hackers to hijack the wallet and steal money.
Even with the attack, more than 350,000 withdrawal orders were executed in 10 hours by Bybit and were 99.9% completed by early February 22. CEO Ben Zhou reassured users that all functions are normal, and the team worked day and night to fix things. Top crypto players Binance, Bitget, and HTX Group’s co-founder Du Jun provided over 100,000 ETH of emergency support in total.
Bybit launches a $140M bounty to recover stolen crypto! 🔎
— BrandPR (@BrandPR_io) February 22, 2025
Ethical hackers, this is your chance to make history. Join the hunt now!
Follow for more: @BrandPR_io #BrandPR #CryptoSecurity #Bybit pic.twitter.com/exGxZ4e0Jg
The hack demonstrates the perpetual vulnerability of even the most secure exchanges. Worldwide authorities such as the US, Japan, and South Korea imposed sanctions on 15 North Koreans last week over the sale of stolen cryptocurrency used to finance nuclear weapons programs. Bybit remains financially sound with the capacity to keep user assets and continue trading.
