The largest hack of the Bybit exchange: hackers stole $1.4 billion in cryptocurrency
21 February 21:48
on February 21, 2025, the Bybit cryptocurrency exchange suffered a large-scale hacker attack that stole more than $1.4 billion in various crypto assets, including 401,347 ethers (ETH). This was reported by "Komersant Ukrainian" with reference to Crypto Briefing.
The incident occurred due to the compromise of the exchange’s Ethereum wallet, which allowed the attackers to transfer funds to an unknown address.
According to Ben Zhou, the attack only affected the cold Ethereum wallet; the rest of the exchange’s wallets remained safe, and withdrawals continue as usual. Bybit is working with blockchain analytics experts to track and recover the stolen funds. This incident is the largest theft in the history of cryptocurrency exchanges, surpassing even the Ronin Network hack in 2022, when $600 million was stolen.
The attack was carefully planned: the attackers used social engineering to trick the Bybit team into authorizing a malicious transaction. This was achieved by displaying a fake interface that looked legitimate but contained malicious code that modified the logic of the Ethereum cold wallet smart contract. As a result, the hackers gained full control of the wallet and transferred funds to their own addresses.
After the hack, the hackers began to quickly move and sell the stolen assets. Arkham reported that the funds began to move to new addresses and were partially sold. So far, about 200 million steak ethers (stETH) have been sold. Bybit is calling on blockchain security experts to help track and recover the stolen funds.
Despite the use of cold wallets, which are considered safer due to the lack of an Internet connection, hackers continue to find ways to bypass security mechanisms. Experts called on exchanges and other crypto companies to regularly update their security protocols and train employees on how to counter social engineering.
