Crypto exchange appeals to cybersecurity experts after massive Ethereum theft.
Hackers Breach Bybit’s Security, Steal $1.5 Billion in Ethereum
Bybit, one of the world’s largest cryptocurrency exchanges, has suffered a devastating cyberattack, losing $1.5 billion worth of Ethereum in what is being called the biggest digital heist in history. The Dubai-based platform confirmed that hackers gained control of a wallet and transferred the funds to an unknown address.
Bybit Assures Users of Fund Safety Amid Crisis
Bybit CEO Ben Zhou assured users that their assets remain safe, stating that the company is solvent even if the funds are not recovered. The exchange, which holds over $20 billion in customer assets, has promised to fully reimburse all affected users. Zhou also noted that the company could cover losses internally or through loans from partners.
Withdrawal Surge Strains Bybit’s System
Following news of the breach, Bybit experienced an unprecedented surge in withdrawal requests, with over 350,000 users seeking to move their funds. This massive demand has led to delays in processing withdrawals, though Bybit insists that its overall security remains intact.
Bybit Offers $140 Million Bounty for Stolen Funds
In an effort to track down the stolen funds, Bybit has called upon the world’s leading cybersecurity and blockchain analytics experts. The exchange is offering a 10% bounty—potentially worth $140 million—to anyone who helps recover the lost Ethereum. Bybit also announced plans to overhaul its security infrastructure to prevent future attacks.
Lazarus Group Suspected in Bybit Hack
While the identity of the hackers remains unknown, some reports suggest the involvement of North Korea’s Lazarus Group, a notorious cybercriminal organization linked to major crypto heists, including the $615 million attack on Ronin Network in 2022. A key player in Lazarus Group, North Korea’s elite cybercrime unit, Park Jin is allegedly behind some of the biggest financial crimes in history, including the Sony Pictures hack in 2014, the Bangladesh Central Bank heist where $81 million was stolen, and now, a $1.4 billion heist on Bybit in 2025.
Details of the Bybit Security Breach
On February 21, 2025, Bybit was hacked for $1.4 billion despite having $16.2 billion in reserves, multi-signature cold wallets, and a strong security team. The stolen funds, totaling 401,347 ETH, were drained from one of its most secure cold wallets. Bybit CEO Ben Zhou acted swiftly, securing a bridge loan covering 80% of losses, confirming user funds were safe, and keeping withdrawals running despite $1.5 billion in outflows.
Blockchain Investigators Trace Stolen Ethereum
Blockchain analytics firm Arkham Intelligence issued a $50,000 bounty to track the hackers. On-chain investigator @zachxbt traced the stolen Ethereum and linked it to Lazarus Group by identifying test transactions before the exploit, wallet connections to past Lazarus hacks, and transaction timing matching previous attacks. Bybit and law enforcement agencies are now tracking the stolen funds.
Park Jin: The Mastermind Behind Lazarus Group
Park Jin is a North Korean hacker wanted by the FBI. He trained at Kim Chaek University of Technology in Pyongyang, worked for Chosun Expo—a Lazarus Group front company—and is accused of launching WannaCry, the ransomware attack that hit over 150 countries. The U.S. and South Korea have been tracking him for years, but North Korea denies he exists.
Lazarus Group’s History of Crypto Heists
Lazarus Group has executed some of the biggest financial crimes in history, including the Axie Infinity (Ronin Bridge) hack worth $625 million, the Harmony Bridge hack for $100 million, the Stake.com attack for $41 million, the Atomic Wallet theft for $100 million, the WazirX breach for $230 million, and now the Bybit heist for $1.4 billion. Their methods include social engineering, tricking employees into handing over access, phishing attacks to steal login credentials, and malicious smart contracts that manipulate transactions.
How the Bybit Hack Was Executed
Bybit’s Ethereum was stored in a multi-signature cold wallet, considered the safest way to store funds. However, Lazarus Group exploited vulnerabilities in the transaction signing process. Hackers mirrored Bybit’s signing interface, making transactions appear normal while altering the contract logic in the background. When signers approved the transaction, they unknowingly changed the wallet’s contract code, granting full control to the hackers. The stolen funds were then split into 53 wallets, with 39 wallets receiving 10,000 ETH each and 9 wallets receiving 10,000 ETH each.
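The attack described above worked because signers trusted what the interface displayed rather than the payload they actually signed. The following added example (not code from Bybit or any wallet vendor) sketches an independent pre-signing check; the byte layout, operation codes, addresses and function names are all constructed assumptions for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass

CALL, DELEGATECALL = 0, 1  # assumed operation codes for this illustration

@dataclass(frozen=True)
class Intent:
    """What the signing interface shows the human signer."""
    to: str
    value_wei: int
    operation: int

def encode(to: str, value: int, op: int, data: bytes = b"") -> bytes:
    """Build a payload in the constructed layout used by this example."""
    return bytes.fromhex(to[2:]) + value.to_bytes(32, "big") + bytes([op]) + data

def decode_payload(raw: bytes) -> Intent:
    """Decode: 20-byte destination | 32-byte value | 1-byte operation | data."""
    if len(raw) < 53:
        raise ValueError("payload too short")
    return Intent("0x" + raw[:20].hex(), int.from_bytes(raw[20:52], "big"), raw[52])

def review(displayed: Intent, raw: bytes, allowed_targets: set[str]) -> list[str]:
    """Return reasons to refuse signing; an empty list means all checks passed."""
    try:
        actual = decode_payload(raw)  # decoded on a path independent of the UI
    except ValueError as exc:
        return [f"undecodable payload: {exc}"]
    findings = []
    if actual.to != displayed.to.lower():
        findings.append("destination differs from what the interface shows")
    if actual.value_wei != displayed.value_wei:
        findings.append("value differs from what the interface shows")
    if actual.operation != displayed.operation:
        findings.append("operation differs from what the interface shows")
    if actual.operation != CALL:
        findings.append("operation can run foreign code in the wallet's context")
    if actual.to not in allowed_targets:
        findings.append("destination is not on the allowlist")
    return findings

# Constructed sample data: a displayed transfer, an honest payload, a swapped one.
WARM = "0x" + "11" * 20
OTHER = "0x" + "ee" * 20
SHOWN = Intent(WARM, 10**18, CALL)
HONEST = encode(WARM, 10**18, CALL)
TAMPERED = encode(OTHER, 0, DELEGATECALL, b"\xde\xad")
```

The check only helps if the decoding runs on a device or code path the attacker's altered interface cannot influence.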
Ongoing Efforts to Recover Stolen Funds
The stolen funds are on the move, making tracking increasingly difficult. Bybit and cybersecurity experts continue their investigation, but the game of cat and mouse with Lazarus Group goes on. Even the biggest players can get hit, reinforcing the principle that not your keys means not your coins, and that cold storage isn’t always cold enough.