
Hi guys, I’m back with another article. This time, a very long one because we’re diving into the biggest hack in crypto history.
Buckle up, because this is a wild story of how hackers pulled off a $1.5 billion heist on Bybit, shaking the entire crypto world. From sophisticated cyberattacks to blockchain sleuthing and market chaos, this one has it all.
Let’s break down exactly what happened, who’s behind it, and what this means for the future of crypto security.
On February 21, 2025, Dubai-based cryptocurrency exchange Bybit suffered a catastrophic security breach, resulting in the theft of approximately 401,000 Ethereum (ETH) — worth an estimated $1.5 billion at the time. This incident marks the largest cryptocurrency heist in history, surpassing previous record-breaking hacks.
The cold-to-warm wallet breach
Bybit’s security breach took place during a routine transfer between its storage systems:
- Cold wallets: Offline wallets used for secure long-term storage of crypto.
- Warm wallets: Partially connected to the internet, used for daily transactions.
During this transfer, attackers exploited a vulnerability that allowed them to manipulate transaction data, redirecting the funds to addresses under their control.
Think of it like a bank moving cash from a vault (cold wallet) to an ATM (warm wallet), and hackers intercepting the transfer mid-way.
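One control aimed at this kind of in-transit manipulation, shown as an added example (not Bybit's code and not part of the original article): a check on the signing side that compares the payload about to be signed with what the approver reviewed and with a destination allowlist. The addresses, the limit and the `Transfer` fields are constructed assumptions.

```python
from __future__ import annotations
from dataclasses import dataclass

# Constructed values for illustration only.
WARM_WALLET_ALLOWLIST = {"0x1111111111111111111111111111111111111111"}
MAX_TRANSFER_WEI = 50_000 * 10**18  # hypothetical per-transfer ceiling

@dataclass(frozen=True)
class Transfer:
    to: str             # destination address (hex string)
    value_wei: int      # amount in wei
    data: bytes = b""   # call data; empty for a plain ETH transfer

def check_transfer(approved: Transfer, to_sign: Transfer) -> list[str]:
    """Return policy violations; an empty list means the payload may be signed."""
    problems = []
    if to_sign.to.lower() not in WARM_WALLET_ALLOWLIST:
        problems.append(f"destination {to_sign.to} is not an approved warm wallet")
    if to_sign.value_wei > MAX_TRANSFER_WEI:
        problems.append("amount exceeds per-transfer limit")
    if to_sign.data:
        problems.append("plain ETH transfer must not carry call data")
    # Compare what the approver reviewed with what actually reaches the signer.
    for field in ("to", "value_wei", "data"):
        a, s = getattr(approved, field), getattr(to_sign, field)
        if isinstance(a, str):
            a, s = a.lower(), s.lower()
        if a != s:
            problems.append(f"field '{field}' changed after approval")
    return problems

# Constructed sample: the request as approved, and a copy altered in transit.
APPROVED = Transfer("0x1111111111111111111111111111111111111111", 30_000 * 10**18)
TAMPERED = Transfer("0x9999999999999999999999999999999999999999",
                    30_000 * 10**18, data=b"\x01")

if __name__ == "__main__":
    print("approved payload:", check_transfer(APPROVED, APPROVED) or "ok")
    for problem in check_transfer(APPROVED, TAMPERED):
        print("BLOCK:", problem)
```

The check only helps if it runs on a system independent of the interface the approvers use, so that a compromise of one does not silently alter both views.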
How much was stolen?
The hackers successfully siphoned 401,000 ETH, valued at around $1.5 billion at the time.
Once in control of the stolen assets, they quickly started laundering the funds across various crypto wallets.
Who’s behind the attack?
Blockchain forensics firms traced the hack to the Lazarus Group — a North Korean state-sponsored hacking organization.
Lazarus Group’s track record
Lazarus is notorious for hacking financial institutions and crypto exchanges to fund North Korea’s government operations. They’ve been linked to:
- The $620M Ronin Network (Axie Infinity) hack in 2022
- The $100M Harmony Horizon Bridge hack in 2022
- Multiple DeFi and centralized exchange exploits since 2023
How did they launder the funds?
Investigators discovered that the hackers used over 11,000 cryptocurrency wallets to launder and distribute the stolen ETH.
So far:
- $335 million has already been laundered.
- $900 million remains untouched but could be moved soon.
Crypto laundering often involves breaking large transactions into smaller pieces and routing them through mixers, decentralized exchanges, and privacy coins.
Bybit’s response and recovery efforts
Bybit CEO Ben Zhou quickly addressed user concerns, stating that:
- All client assets are backed 1:1
- The exchange remains fully solvent
- Users will not bear any losses
This means that, despite the massive theft, customer withdrawals and trading can continue as normal.
Handling the surge in withdrawals
As news of the hack broke, Bybit saw a flood of withdrawal requests, processing over 580,000 transactions in the hours following the attack.
While the platform handled the surge, some delays were reported due to the high transaction volume.
Tracking the stolen funds
To recover the stolen assets, Bybit has:
- Partnered with blockchain forensic experts to track the movement of stolen ETH.
- Launched a bounty program, offering up to 10% of any recovered funds to those who help retrieve the stolen crypto.
This means someone could earn a $150M reward if they help recover all of the stolen ETH.
Impact on the market
Ethereum and Bitcoin prices drop
News of the Bybit hack caused a temporary panic in the market:
- Ethereum (ETH) fell nearly 4%, dropping to around $3,400.
- Bitcoin (BTC) fell below $90,000 for the first time since November 2024.
These price drops reflect broader concerns over security vulnerabilities in crypto exchanges.
What this means for crypto security
The Bybit hack highlights ongoing security risks in centralized exchanges (CEXs), despite improved security measures.
Cold wallet transfers are a critical risk point
- Even “offline” storage isn’t immune to sophisticated attack methods.
- Exchanges must tighten internal controls around transfers.
State-sponsored crypto crime is growing
- North Korea’s cyber army continues to exploit crypto for funding.
- Governments and exchanges need stronger countermeasures.
Users must prioritize security when storing crypto
- Holding funds on an exchange always carries risk.
- Self-custody (hardware wallets) is the safest option for long-term holdings.
Final thoughts
The $1.5 billion Bybit hack is a wake-up call for the crypto industry. While Bybit has reassured users that their assets are safe, this incident underscores the growing sophistication of cybercriminals and the need for stronger security practices.
As investigations continue, the focus will be on whether:
- Any of the stolen funds can be recovered
- Exchanges improve their security protocols
- Regulators take action to prevent future breaches
Until then, crypto users like you should remain cautious, keep funds in secure wallets, and stay informed about security threats in the space.
Read more about this crazy hack here.