Bybit Hack Displaces Mt. Gox as the Largest Crypto Heist in History—Here Are the Security Takeaways

The Bybit hack displaced Mt. Gox, the Poly Network exploit, and other known exchange hacks on February 21, 2025, as the company officially announced that hackers had stolen $1.4 billion in ETH. No hack has surpassed the Bybit loss.

Africrypt, which would have matched that record by losing $3.6 billion to hackers in 2021, was a Bitcoin investment platform—not a trading exchange like Bybit and others that have suffered losses to hackers.

How Huge Is the Bybit Hack?

The $1.46 billion stolen by the perpetrators, identified as the Lazarus Group, accounts for 16% of all previous crypto hacks combined.

Mt. Gox, a Tokyo-based exchange that was the largest crypto exchange in 2011, was the first exchange to be hit by a hack in the early days of Bitcoin, leading to the loss of 850,000 BTC, valued at $658,274,000 USD in 2014.

Other notable hacks followed, including:

  • Ronin Network ($625 million stolen in 2022)
  • Poly Network Exploit ($600 million)
  • Coincheck Hack (at least $560 million worth of XEM coins stolen)
  • Wormhole Hack (about $120,000 wETH, worth over $320 million in February 2022)

Other significant ones include:

  • DragonEx ($7 million)
  • KuCoin ($285 million at the time)
  • Upbit (342,000 ETH valued at $49 million)
  • Cryptopia (estimated $16 million USD)
  • PancakeBunny Attack ($45 million in 2021)

Binance was not spared either. As one of the biggest crypto trading platforms, it was hit by hackers in May 2019, leading to the loss of 7,000 BTC, estimated at $40.7 million. Other notable hacks include:

  • Bitfinex (119,754 BTC, valued at over $68 million)
  • Bitgrail Attack (17 million coins, valued at $170 million)

What We Know About the Bybit Hack

The Bybit hack surpassed all of the above, and here’s what we know so far about the incident and how it has changed the digital asset sector:

On February 21, 2025, crypto private investigator ZachXBT revealed “suspicious outflows” from Bybit totaling $1.46 billion on his Telegram channel. He later uncovered the addresses where the funds were being moved, showing how mETH and stETH were being swapped for ETH on DEXs.

It was a sophisticated attack. The hacker split their stolen Ethereum across multiple addresses. They began with 10,000 ETH, which was split into 39 different addresses, then another 10,000 ETH was transferred to 9 more addresses.

Detecting the attack in time was extremely difficult because the hacker didn’t break the code; they broke the humans. Each Bybit multisig signer saw a legitimate-looking UI from Safe, showing the “correct” transaction. However, the Bybit team didn’t realize they were signing a transaction that altered the smart contract logic of their ETH cold wallet.

Bybit’s founder and CEO, Ben Zhou, later disclosed:

“All signers saw the masked UI, which showed the correct address, and the URL was from Safe. However, the signing message was to change the smart contract logic of our ETH cold wallet.”

Experts described this as a next-level social engineering attack that bypassed a multisig.

The attacker didn’t stop there. They:

  1. Identified every multisig signer.
  2. Infected each signer’s device with malware.
  3. Made the UI show a different transaction than what was actually being signed.
  4. Got all signers to approve transactions without suspicion.

The hackers redefined cold wallet security, which had long been regarded as safe.

What Happens If the Stolen Funds Can’t Be Recovered?

“Bybit is solvent even if this hack loss is not recovered. All client assets are 1-to-1 backed—we can cover the loss,” the company claims.

Bybit’s founder insists they can handle even a bank-run scenario:

“We have enough tokens to reimburse clients.”

Meanwhile, Safe has paused some functionality to allow for investigation. Safe’s security team stated:

“We are working closely with @Bybit_Official. We have not found evidence that the official Safe frontend was compromised.”

However, they have restricted certain functionalities out of caution.

Can Users Still Withdraw Funds From Bybit?

There are unconfirmed reports that Bybit makes more than $1.6 billion annually, making them solvent enough to cover all losses—even if the stolen funds aren’t fully recovered.

At the time of this publication, Bybit was still processing withdrawals normally. Unlike past hacks on other exchanges that resulted in halted withdrawals pending investigations, Bybit continues to operate normally.

The company clarified that only their ETH cold wallet was compromised, while their hot wallet, warm wallet, and all other cold wallets remain secure.

Users Make 350,000 Withdrawal Requests in Less Than 10 Hours

Since the hack on February 21, 2025, Bybit co-founder Ben Zhou revealed that their customers have made over 350K withdrawal requests, stating that the company’s team has been working round the clock to ensure that all requests are processed.

“Bybit has experienced the most number of withdraws that we have ever seen, We have had a total number of more than 350k withdraws requests, so far, around 2100 withdraw requests left to be processed.”

He admitted that they had been “hit by the worst hack possibly in the history of any medians (banks, crypto, finance), But all Bybit functions and product remain functional, the Whole team had been awake all night to process and answer client questions and concerns.”

Security Takeaways From the Bybit Hack

No matter how robust your smart contracts are or how many signers you require, if attackers can manipulate what humans SEE when they sign, the entire system breaks down.

  • Multisigs aren’t foolproof if human signers can be compromised.
  • Cold wallets aren’t automatically safe.
  • Even if the code is secure, humans remain the weakest link.
  • Supply chain attacks are becoming more sophisticated.
  • Use hardware wallets with screen verification.
  • Implement zero-trust security.
  • Never sign transactions you don’t fully understand.
  • Consider security through multiple layers and providers.
  • Recognize that malware can make legitimate UIs look different.
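
The last few takeaways come down to checking the raw payload rather than the screen. The Python sketch below is an added example, not code from Bybit or Safe: it compares a Safe-style transaction payload against what the signers agreed to approve. The names `Intent` and `review`, the allowlist, and all addresses are hypothetical, constructed values; it assumes the intended action is a plain ERC-20 `transfer` and uses Safe's `operation` field, where 0 is a call and 1 is a delegatecall.

```python
# Added example: review a Safe transaction payload against the signer's intent.
from dataclasses import dataclass

CALL = 0                     # Safe "operation" field: 0 = call, 1 = delegatecall
ERC20_TRANSFER = "a9059cbb"  # selector of transfer(address,uint256)

@dataclass(frozen=True)
class Intent:
    """What the signers agreed to approve, recorded outside the signing UI."""
    token: str
    recipient: str
    amount: int

def review(payload, intent, allowed_targets):
    """Return reasons to refuse; an empty list means the payload matches the intent."""
    findings = []
    to = payload["to"].lower()
    data = payload["data"].lower()[2:]  # assumes 0x-prefixed hex calldata
    if payload["operation"] != CALL:
        findings.append("operation is not a plain call")
    if to not in allowed_targets:
        findings.append("target is not on the allowlist")
    if to != intent.token.lower():
        findings.append("target differs from the intended token contract")
    if int(payload["value"]) != 0:
        findings.append("unexpected native-value transfer")
    if data[:8] != ERC20_TRANSFER or len(data) != 136 or data[8:32] != "0" * 24:
        findings.append("calldata is not a well-formed transfer(address,uint256)")
    else:
        if "0x" + data[32:72] != intent.recipient.lower():
            findings.append("recipient in calldata differs from intent")
        if int(data[72:], 16) != intent.amount:
            findings.append("amount in calldata differs from intent")
    return findings

# Constructed sample values (placeholders, not addresses from the incident).
TOKEN, WARM, UNKNOWN = "0x" + "11" * 20, "0x" + "22" * 20, "0x" + "99" * 20
INTENT = Intent(token=TOKEN, recipient=WARM, amount=5000)
ALLOWED = {TOKEN}
CALLDATA = "0x" + ERC20_TRANSFER + WARM[2:].rjust(64, "0") + format(5000, "064x")
EXPECTED = {"to": TOKEN, "value": "0", "data": CALLDATA, "operation": 0}
# Same calldata a UI might summarize, but a different target and operation type.
MISMATCH = {"to": UNKNOWN, "value": "0", "data": CALLDATA, "operation": 1}

if __name__ == "__main__":
    for name, payload in (("expected", EXPECTED), ("mismatch", MISMATCH)):
        print(name, review(payload, INTENT, ALLOWED) or "OK to sign")
```

A check like this only helps if it runs on a machine other than the one rendering the signing UI, and if the payload it reads is the one the hardware wallet is asked to sign.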

Recovery and Trust

Will Bybit recover the stolen funds? If they do, will the incident affect customer trust? Or will recovering the funds help rebuild confidence?

This is a lesson for other crypto exchanges on why they must plan their liquidity for when the unfortunate happens and why they must re-examine their security protocols, because cyber attackers, especially those targeting crypto exchanges, are becoming more sophisticated.

We hope Bybit will manage this situation well so the crypto community does not witness another collapse of a major exchange. Losing $1.46 billion to hackers is a massive security integrity test for a company responsible for safeguarding billions of dollars in their custody.
