In an alarming incident, one of the world's top cryptocurrency exchanges, Bybit, faced a massive security breach on February 21, 2025. The attack, which resulted in the theft of a staggering $1.4 billion in Ethereum-related tokens, has sent shockwaves through the crypto community. Among the stolen digital assets were significant amounts of liquid-staked Ether (stETH) and Mantle Staked ETH (mETH).
The breach was carried out by exploiting a malicious smart contract in a multisignature wallet, which allowed the hackers to transfer funds without proper authorization. In a subsequent statement, Bybit's CEO, Ben Zhou, confirmed the severe security lapse but assured clients and stakeholders that the exchange remains solvent. Zhou noted that Bybit's other cold wallets have been adequately secured to prevent further damage.
Sources and Security Involvement
In the aftermath of the incident, renowned security firms TRM Labs and Arkham Intelligence attributed the attack to the Lazarus Group, a state-sponsored North Korean hacking collective with a notorious reputation for high-profile crypto heists. The Lazarus Group has been linked to several prior cyber attacks targeting digital currencies across the globe.
The stolen cryptocurrency did not remain static. It was quickly laundered using decentralized platforms such as THORChain. Blockchain analysts soon tracked the movement of around 500,000 Ether, valued at $1.04 billion, as it made its way through multiple wallets. Despite these efforts to obscure the trail, 77% of the stolen funds remain traceable according to Bybit, with security teams actively monitoring their paths.
However, the pursuit of these assets is not without its challenges. Zhou reported that 3% of the stolen sum has been successfully frozen, while approximately $280 million became completely untraceable after passing through privacy-enhancing services like eXch. This portion of the funds is now effectively beyond the reach of the conventional tracking methods available to blockchain analysts.

Bybit's Response and Recovery
Despite this disruptive event, Bybit has showcased resilience and transparency. The exchange continued its normal operations and has honored customer withdrawal requests. Further reassuring stakeholders, Bybit managed to replenish the stolen Ether within three days following the hack, maintaining the integrity of its operations.
This incident reaffirms the need for heightened security measures in the cryptocurrency space. As hackers refine their strategies, exchanges must bolster their defenses to protect digital assets and uphold user trust. For Bybit, emerging from this crisis involves not only recovering the stolen assets but also strengthening its preventive strategies to thwart future attacks.