Monday, April 28, 2025
HomecryptocurrencyBiggest Crypto Hack in History - Hackers Stolen $1.46 Billion Worth...

Biggest Crypto Hack in History – Hackers Stolen $1.46 Billion Worth Crypto From Bybit

Published on

SIEM as a Service

Follow Us on Google News

In what has become the largest cryptocurrency theft in history, hackers infiltrated Bybit’s Ethereum cold wallet on February 21, 2025, siphoning approximately 401,346 ETH valued at $1.46 billion.

The breach, attributed to North Korea’s Lazarus Group, exploited vulnerabilities in Bybit’s multisignature wallet interface, redirecting funds through a sophisticated smart contract manipulation.

While Bybit assured users that client assets remained secure and operations uninterrupted, the incident has reignited debates about blockchain immutability, regulatory oversight, and the evolving tactics of state-sponsored cybercriminals.

- Advertisement - Google News

Compromising the Multisig Protocol

The attack targeted Bybit’s Ethereum cold wallet during a routine transfer to a warm walleta standard operational procedure for liquidity management.

Hackers manipulated the transaction’s signing interface, overlaying a legitimate destination address with malicious smart contract logic.

This technique, known as a “masked payload attack,” deceived authorized signers into approving transfers that redirected funds to wallets controlled by the Lazarus Group.

Unlike conventional private key thefts, this method exploited human-computer interaction flaws rather than cryptographic weaknesses, underscoring the vulnerabilities inherent in multisig governance models.

Laundering Through Decentralized Infrastructure

Within hours, the stolen ETH was fragmented into 48 wallets, with 10,000 ETH routed to crypto mixer eXch to obscure transaction trails.

Blockchain analytics firm SlowMist reported subsequent conversions into privacy-centric coins like Monero (XMR) and cross-chain transfers to Bitcoin via bridges.

This rapid obfuscation highlights the challenges of tracking funds in a decentralized ecosystem: unlike the 2016 DAO hack, where stolen ETH remained static for weeks, modern DeFi composability enables near-instantaneous asset mobility.

Ethereum Foundation developer Tim Beiko dismissed calls for a blockchain rollback, contrasting the Bybit incident with two historical exceptions:

  1. 2010 Bitcoin Overflow Bug: A protocol-level violation allowed the creation of 184 billion BTC, resolved via consensus rollback when the network was nascent.
  2. 2016 DAO Hack: A 30-day fund freeze enabled Ethereum’s controversial hard fork, splitting the chain into ETH and Ethereum Classic (ETC).

In the Bybit case, transactions adhered to Ethereum’s protocol rules, leaving no technical basis for intervention.

Additionally, the interconnectedness of DeFi protocols—where ETH collateralizes loans, stablecoins, and derivatives renders selective rollbacks impractical.

Reversing transactions would invalidate legitimate trades across lending platforms like Aave and decentralized exchanges like Uniswap, causing systemic instability.

BitMEX co-founder Arthur Hayes controversially advocated for a rollback, stating, “We already voted no on immutability in 2016… why not do it again?”.

However, Ethereum developers and exchanges overwhelmingly rejected this proposal. Gautham Santhosh of Polynomial.fi emphasized that modern Ethereum’s complexity makes DAO-style rescues impossible: “A rollback would break bridges, stablecoins, L2s, and RWAs”.

The community’s resistance underscores a maturation in blockchain philosophy—prioritizing decentralization over centralized crisis management.

Lazarus Group’s Expanding Footprint

Blockchain investigator ZachXBT linked the attack to the Lazarus Group through transaction pattern analysis and test wallet linkages.

Arkham Intelligence confirmed these findings, awarding ZachXBT a $50,000 bounty for identifying the exploit’s origin.

With this theft, North Korea’s crypto reserves now exceed $3 billion annually, financing an estimated 40% of its ballistic missile program.

The Bybit breach follows Lazarus’ 2022 theft of $625 million from Axie Infinity’s Ronin Bridge, demonstrating improved technical sophistication and operational scale.

eXch, the mixer used to launder stolen ETH, has a documented history of collaborating with state-sponsored actors.

SlowMist revealed that eXch administrators ignored Bybit’s requests to freeze tainted funds, instead accelerating Monero conversions to thwart tracing.

This complicity highlights the regulatory vacuum surrounding decentralized mixers, which exploit jurisdictional arbitrage to service illicit actors.

Despite losing 7.3% of its $20 billion reserves, Bybit CEO Ben Zhou affirmed solvency, citing 1:1 client asset backing and bridge loans from partners like Binance and Bitget.

Binance and Bitget transferred 50,000 ETH to Bybit’s cold wallets, with Bitget pledging 25% of its reserves a move interpreted as both solidarity and preemptive risk mitigation against industry-wide contagion.

Tether further stabilized markets by freezing $181,000 USDT linked to Lazarus-controlled addresses.

Ethereum’s Price Volatility

ETH plunged 4% to $2,412 post-hack but rebounded to $2,770 within 48 hours amid institutional buying. This resilience contrasts with the 2014 Mt. Gox breach, where Bitcoin fell 50%, suggesting improved market depth and investor differentiation between protocol and custodial risks.

The hack intensified scrutiny on Bybit’s regulatory standing. In India, the Financial Intelligence Unit (FIU) had previously penalized Bybit for AML violations, while French regulators recently delisted it from a blacklist after two years of oversight.

Post-incident, the U.S. Treasury Department signaled plans to classify mixers like eXch as “primary money laundering concerns,” invoking Section 311 of the Patriot Act.

Bybit announced a migration from Safe’s smart wallets which temporarily froze $3 billion in USDT during the crisis to hybrid MPC (Multi-Party Computation) solutions combining hardware security modules with on-chain governance.

This shift reflects broader industry trends toward institutional-grade custody, as seen in Coinbase’s 2024 partnership with Anchorage Digital.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

RansomHub Ransomware Deploys Malware to Breach Corporate Networks

The eSentire’s Threat Response Unit (TRU) in early March 2025, a sophisticated cyberattack leveraging...

19 APT Hackers Target Asia-based Company Servers Using Exploited Vulnerabilities and Spear Phishing Email

The NSFOCUS Fuying Laboratory’s global threat hunting system identified 19 sophisticated Advanced Persistent Threat...

FBI Reports ₹1.38 Lakh Crore Loss in 2024, a 33% Surge from 2023

The FBI’s Internet Crime Complaint Center (IC3) has reported a record-breaking loss of $16.6...

Fog Ransomware Reveals Active Directory Exploitation Tools and Scripts

Cybersecurity researchers from The DFIR Report’s Threat Intel Group uncovered an open directory hosted...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

RansomHub Ransomware Deploys Malware to Breach Corporate Networks

The eSentire’s Threat Response Unit (TRU) in early March 2025, a sophisticated cyberattack leveraging...

19 APT Hackers Target Asia-based Company Servers Using Exploited Vulnerabilities and Spear Phishing Email

The NSFOCUS Fuying Laboratory’s global threat hunting system identified 19 sophisticated Advanced Persistent Threat...

FBI Reports ₹1.38 Lakh Crore Loss in 2024, a 33% Surge from 2023

The FBI’s Internet Crime Complaint Center (IC3) has reported a record-breaking loss of $16.6...