Bybit, one of the world’s largest cryptocurrency exchanges, has been hacked, with analysts estimating losses of nearly $1.5 billion. Experts believe North Korean hackers were behind the attack, making it the biggest crypto theft in history.
The breach was revealed by Bybit CEO Ben Zhou in a post on X. He stated that hackers had gained control of one of the company’s offline Ethereum wallets. On-chain analyst ZachXBT reported that approximately $1.46 billion in assets were transferred out of the wallet in multiple suspicious transactions. Arkham Intelligence confirmed at least $1.4 billion in outflows, stating the stolen funds were being moved to new addresses and sold.
Blockchain analytics firm Elliptic labeled the attack the largest crypto theft ever, surpassing the $611 million stolen from Poly Network in 2021. Rob Behnke, executive chairman of security firm Halborn, said it might be the biggest financial hack of any kind.
In response, Zhou addressed users on a livestream, assuring them that Bybit had taken out bridge loans and secured about 80% of the funds needed to cover the loss. He stated that the exchange was working to recover stolen assets and would pursue legal action against the hackers.
“Your money is safe, and withdrawals remain open,” Zhou said. He added that over 70% of withdrawal requests had been processed since the attack. However, Bybit is not purchasing additional Ether to replace the stolen assets.
Bybit, founded in 2018, is a Dubai-based exchange with a daily trading volume exceeding $36 billion. Before the attack, it held $16.2 billion in assets, according to CoinMarketCap. The stolen amount represents nearly 9% of its total holdings.
The exchange recently surged to the second-largest global spot by trading volume, partially filling the gap left by the collapse of FTX. Bybit allows traders to use digital tokens as collateral for margin trading, which contributed to its rapid rise in popularity.
Research firm Nansen reported that most stolen funds consisted of $1.12 billion worth of Ether, along with Ether derivatives like stETH. The hackers initially transferred the assets into a single wallet before dispersing them into more than 40 others. The attacker then converted the derivatives into Ether and moved them in $27 million increments into over 10 additional wallets. A significant portion of the funds remains untouched in these wallets.
Arkham Intelligence attributed the attack to Lazarus, a North Korean hacking group known for high-profile cyber crimes. Crypto researcher ZachXBT provided what experts called definitive proof linking the group to the heist.
Shahar Madar, vice president of security at Fireblocks, compared the attack to previous breaches targeting crypto exchange WazirX and lending protocol Radiant Capital. “Both cases were linked to North Korea. These are highly skilled attackers,” Madar said.
The crypto market reacted sharply to the news. Ether fell nearly 8% from its daily high, while Bitcoin dropped almost 5%. Ethena Labs’ USDe, a widely used synthetic dollar token, briefly lost its one-to-one peg, dipping to 98 cents before stabilizing.
Bybit continues its investigation, working with blockchain security firms to trace and recover the stolen funds. Meanwhile, industry experts warn of increasing cyber threats targeting major exchanges.
The attack underscores the vulnerability of even the largest crypto platforms, raising concerns about security in the digital asset space.
