Bybit Crypto Exchange Hacked: $1.4 Billion ETH Stolen from Cold Wallet

by | Feb 24, 2025 | News





Overview

Bybit, the world’s second-largest cryptocurrency exchange, has confirmed a major security breach, resulting in the theft of approximately $1.4 billion worth of Ethereum (ETH) from one of its cold wallets—which are generally considered among the safest storage methods for digital assets.

Bybit’s CEO, Ben Zhou, addressed the situation, confirming an ongoing investigation but reassuring users that trading remains operational and customer funds are safe despite the staggering loss.

How Did the Hack Happen?

Cold wallets are designed to be offline to prevent remote cyberattacks. This breach raises serious concerns about whether:

  • A sophisticated cyberattack bypassed offline security measures.
  • There was an insider threat or internal security failure.
  • A combination of social engineering and advanced hacking techniques was used.

At this stage, Bybit has not disclosed how the cold wallet was compromised, but speculation is mounting as experts analyze the attack vectors.


Lazarus Group’s Crypto Trail: How the Hack Was Tracked

February 21 (Day of the Hack)

At 19:09 UTC, Arkham Intelligence tweeted that ZachXBT had submitted on-chain evidence proving Lazarus Group’s involvement. His forensic analysis included:

  • Test transactions linking the stolen ETH to Lazarus wallets.
  • Connected addresses used in previous hacks.
  • Timing patterns indicating a premeditated attack.

February 22: The Phemex Connection

Further investigation revealed that the Bybit hackers also executed the recent Phemex hack (Feb 20, 2025).

  • The same laundering addresses were used for both heists.
  • An overlapping wallet (0x33d057af74779925c4b2e720a820387cb89f8f65) linked funds from Bybit and Phemex.
  • Lazarus used Tron-based mixing services to obfuscate stolen assets.

February 22: The BingX Connection

Later that day, ZachXBT uncovered a link between the Bybit, Phemex, and BingX hacks using another shared laundering address (0xd555789b146256253cd4540da28dcff6e44f6e50).

Key Transactions:

  • Bybit Hack: 0x4a366130118d750715c2d35fdc07509cf943fcc988fa5e6d02211e3d5472796e
  • BingX Hack: 0x93424aa87731bb9b1d8cc1f708d2ac9f3faf914f368a00494d87cba3e7719e8c

This solidified the theory that Lazarus executed all three attacks, stealing billions in crypto assets across multiple platforms.


Impact on the Crypto Market

This breach comes at a critical time for the crypto market, which is already struggling with volatility and regulatory uncertainty. The theft of such a large sum could:

  • Shake investor confidence, leading to increased market instability.
  • Prompt stricter security regulations for crypto exchanges.
  • Trigger a sell-off, further impacting cryptocurrency prices.

Bybit, which serves over 40 million users and offers 753+ cryptocurrencies, now faces an intensive forensic investigation involving cybersecurity experts and possibly law enforcement agencies.

The Bigger Picture: Crypto Security Risks

This attack highlights the persistent security vulnerabilities in the cryptocurrency industry. Despite technological advancements, even cold wallets—previously considered the gold standard for secure storage—are not immune to breaches.

 



Blocking the Hackers: Freezing Stolen Funds

On February 22 at 9:05 PM UTC, ZachXBT released 920+ wallet addresses linked to the Bybit hack, helping exchanges and security teams blacklist illicit transactions.

Within 24 hours, security teams successfully froze $42.89 million in stolen funds, with help from:

  • ChangeNOW – Froze 34 ETH
  • Circle – Provided key intelligence
  • FixedFloat – Froze 120K USDC/USDT
  • Tether – Blacklisted 181K USDT
  • Bitget – Froze 84 USDT
  • THORChain, Avalanche (AVAX), and CoinEx – Assisted in tracking and freezing transactions

Bybit acknowledged the community’s swift action, tweeting:

“Big shoutout to @ZachXBT for always keeping the space sharp. 👀🔍 Your work didn’t go unnoticed—much respect.”
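The sketch below shows how a security team could apply a published address list like the one described above to incoming deposits. It is an added example, not code from the article, ZachXBT, or any exchange. The list format (one address per line), the function names, the hop limit, and all sample addresses and transfers are assumptions constructed for illustration.

```python
import re
from collections import deque

ADDR_RE = re.compile(r"^0x[0-9a-fA-F]{40}$")

def normalize(addr):
    """Lower-case an Ethereum address so checksummed and plain forms compare equal."""
    addr = addr.strip()
    if not ADDR_RE.match(addr):
        raise ValueError(f"not an Ethereum address: {addr!r}")
    return addr.lower()

def load_blocklist(lines):
    """Parse a published list: one address per line; blanks and # comments ignored."""
    return {normalize(l) for l in lines if l.strip() and not l.lstrip().startswith("#")}

def hops_to_blocklist(sender, transfers, blocklist, max_hops=3):
    """Walk backwards over (from, to) transfers. Return the fewest hops from a
    blocklisted address to `sender`, or None if none is found within max_hops."""
    funded_by = {}
    for src, dst in transfers:
        funded_by.setdefault(normalize(dst), set()).add(normalize(src))
    start = normalize(sender)
    seen, queue = {start}, deque([(start, 0)])  # `seen` guards against cycles
    while queue:
        addr, depth = queue.popleft()
        if addr in blocklist:
            return depth
        if depth < max_hops:
            for src in funded_by.get(addr, ()):
                if src not in seen:
                    seen.add(src)
                    queue.append((src, depth + 1))
    return None

def screen_deposit(sender, transfers, blocklist, max_hops=3):
    """Direct match -> freeze; indirect exposure -> manual review (may be a false positive)."""
    hops = hops_to_blocklist(sender, transfers, blocklist, max_hops)
    if hops is None:
        return "allow"
    return "freeze" if hops == 0 else "review"

# Constructed sample data (placeholder addresses, not real incident addresses).
A, B, C, D = ("0x" + ch * 40 for ch in "abcd")
BLOCKLIST = load_blocklist(["# constructed list", "  0x" + "A" * 40 + "\n"])
TRANSFERS = [(A, B), (B, C)]  # A funded B, B funded C

if __name__ == "__main__":
    for who in (A, B, C, D):
        print(who[:6], screen_deposit(who, TRANSFERS, BLOCKLIST))
```

Indirect matches are routed to review rather than frozen automatically because funds that passed through a shared service can taint unrelated senders.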

Bybit’s Response: Exchange Resumes Operations

Despite the historic loss, Bybit restored deposits and withdrawals while warning users about scammers impersonating Bybit employees to exploit the situation.

Bybit will never ask for personal info, deposits, or passwords. Stay sharp!

How to Protect Your Crypto Assets

  • Use hardware wallets with multi-signature authentication for added security.
  • Avoid keeping large amounts of crypto on exchanges—self-custody remains the safest option.
  • Enable two-factor authentication (2FA) and use strong, unique passwords.
  • Monitor wallet activity regularly for any unauthorized transactions.


Source: hackread.com
