Bybit Faces Unprecedented $1.5 Billion Crypto Heist Linked to DPRK

Jessie A Ellis
Feb 24, 2025 14:31
Bybit suffers a $1.5 billion cryptocurrency theft, the largest in history, with links to DPRK hackers. Industry experts collaborate to recover stolen funds.
In a significant blow to the cryptocurrency industry, Bybit, a leading crypto exchange, has fallen victim to an unprecedented security breach, resulting in the loss of nearly $1.5 billion worth of Ether (ETH). This breach, which occurred on February 21, 2025, marks the largest digital heist in cryptocurrency history. According to Chainalysis, the attack is suspected to be linked to North Korean state-sponsored hackers, raising serious concerns over cyber threats from the region.
Details of the Bybit Exploit
The attack on Bybit highlights the sophisticated tactics employed by hackers associated with the Democratic People’s Republic of Korea (DPRK). The exploit began with social engineering: the hackers compromised Bybit’s user interface through phishing attacks targeting cold wallet signers. This allowed them to replace the implementation contract of the Safe multi-signature wallet with a malicious one, facilitating unauthorized transfers.
During a routine transfer from Bybit’s Ethereum cold wallet to a hot wallet, the attackers intercepted the process, rerouting approximately 401,000 ETH, valued at nearly $1.5 billion at the time, to their own addresses. The stolen assets were then dispersed through a complex network of intermediary wallets, a common tactic to obfuscate the trail and hinder tracking efforts.
The hackers further complicated recovery efforts by converting significant portions of the stolen ETH into other cryptocurrencies, including Bitcoin (BTC) and DAI, utilizing decentralized exchanges and cross-chain bridges to move assets across different networks.
Industry Collaboration and Recovery Efforts
In response to this massive theft, Bybit has launched a recovery bounty program, offering up to 10% of the recovered amount to individuals aiding in the retrieval of the stolen funds. The exchange is actively collaborating with industry experts, including Chainalysis, and law enforcement agencies to trace the stolen assets and mitigate further risks.
The transparency inherent in blockchain technology presents a unique challenge for the perpetrators, as every transaction is recorded on a public ledger. This feature is a critical tool for authorities and cybersecurity firms to trace and monitor illicit activities in real time. Bybit’s swift response, including assurances to cover customer losses and engagement with blockchain forensic experts, underscores the industry’s commitment to resilience and mutual support.
Efforts are underway to freeze the stolen assets, with more than $40 million already secured. The collaboration of public and private sectors is vital in these recovery efforts, showcasing the industry’s unified front in combating sophisticated cyber threats and maintaining a secure digital financial environment.
As the investigation continues, the cryptocurrency community remains vigilant, working collaboratively to fortify defenses against future attacks and enhance the overall security of digital assets.
For further details, visit the Chainalysis blog.