Key Takeaways:
- Bybit suffered a $1.4 billion hack, the largest in crypto history, sparking widespread market fear.
- Blockchain sleuth ZachXBT linked the attack to the notorious Lazarus Group.
- Bybit assured users that all client funds remain safe despite the breach.
The Bybit security breach has rattled the cryptocurrency landscape, pushing Bitcoin into sharp decline. Santiment reported that investor sentiment had hit extreme fear levels, similar to mid-February when markets staged a swift rebound.
While no outcome is guaranteed, historical trends suggest that crowd-driven fear often precedes price recoveries. However, the scale of this attack and its impact on exchange trust could shape market reactions differently this time.
Bybit Loses $1.4 Billion in Unprecedented Attack
On February 21, the exchange reported a record-breaking over $1.4 billion exploit, the biggest crypto theft in the asset’s life in the last 15 years. The attack alone accounted for over 60% of crypto theft in 2024, according to Cyvers data.
The exchange revealed attackers took over the signing interface of its cold wallet on Ethereum and could change smart contract logic without anyone detecting it. The attackers sent unauthorized transfers to other addresses.
Bybit acted quickly, addressing users’ concerns with an assurance that client funds were not impacted. The security team, in collaboration with blockchain forensic experts, is now tracing the stolen assets. The platform also thanked the quick assistance from partners and the crypto community as a whole.
Lazarus Group Behind the Attack
Blockchain intelligence firm Arkham reported top investigator ZachXBT was able to track the attack back to North Korea-related Lazarus Group. The investigation revealed test transactions and related wallets in the months leading up to the exploitation. The information was shared with Bybit and was useful in their investigation.
In spite of the massive loss, Bybit’s solvency remains intact. Bybit CEO Ben Zhou emphasized that the platform is financially healthy, with adequate reserves in hand even under a worst-case scenario.
At the same time, Bitget CEO Gracy Chen minimized the loss, saying the loss amounted to just Bybit’s yearly profit and that customer funds were not affected. The nature of the attack, however, raised alarm bells in the crypto community.
Unlike typical breaches based on exploitation of technical loopholes, in this attack, the hacker targeted human operators. The hacker is said to have taken over multiple multisig signers’ devices and manipulated transaction information without arousing anyone’s suspicion. The breach has revolutionized cold wallet security and proven even the strongest arrangements are not immune to social engineering.
Related Reading | Exclusive Opportunity: Skyren DAO Airdrop Targets BlockDAG and Rexas Finance Communities