Bybit, a major cryptocurrency exchange, has suffered a massive security breach, resulting in the theft of approximately $1.5 billion in digital assets, primarily Ethereum.
The attack, considered the largest crypto heist in history, targeted Bybit’s cold wallet, an offline storage system meant for security.
The hackers swiftly transferred the stolen funds across multiple wallets and liquidated them through various platforms.
“Please rest assured that all other cold wallets are secure,” Ben Zhou, CEO of Bybit, posted on X. “All withdrawals are NORMAL.”
Blockchain analysis firms, including Elliptic and Arkham Intelligence, have tracked the stolen funds as they were transferred across multiple accounts and quickly liquidated.
According to Elliptic, this breach is the largest in crypto history, surpassing previous major hacks, such as the $611 million stolen from Poly Network in 2021 and the $570 million taken from Binance in 2022.
Elliptic analysts later linked the attack to North Korea’s Lazarus Group, a state-sponsored hacking collective notorious for stealing billions from the crypto industry.
The group exploits security flaws to fund North Korea’s regime, using advanced laundering techniques to obscure the stolen assets’ trail.
“We’ve labelled the thief’s addresses in our software, to help to prevent these funds from being cashed-out through any other exchanges,” said Tom Robinson, chief scientist at Elliptic, in an email.
The breach triggered a surge of withdrawals from Bybit as users feared insolvency.
Zhou later confirmed that outflows had stabilized.
To reassure customers, he announced that Bybit secured a bridge loan from undisclosed partners to cover any unrecoverable losses and ensure continued operations.
