Crypto exchange Bybit, which bills itself as the second largest in the world, was hacked over the weekend. Bybit has confirmed the hack in which 401,346 units of the crypto currency Ethereum was taken.
At the time of writing the Ethereum taken is valued at NZ$1.936 billion (US$1.46 billion). Bybit is now scrambling to recover what funds it can, with the exchange calling for the cyber security and crypto analysts to help, promising a 10% reward on any funds recovered.
"... the contributors stand to share a bounty of potentially up to US$140 million in value in the scenario of a full recovery," the Dubai-based Bybit said.
Bybit co-founder Ben Zhou called the breach "the worst hack in history" on social media, but claimed the exchange was solvent:
Bybit is Solvent even if this hack loss is not recovered, all of clients assets are 1 to 1 backed, we can cover the loss.
— Ben Zhou (@benbybit) February 21, 2025
Elsewhere, Bybit said it has received support from crypto-related entities that have blacklisted "exploit-related addresses, preventing unauthorised transfers". Blockchain analysis firm Chainalysis has also tracked the hackers' addresses to restrict their ability to launder the stolen crypto currency, Bybit said.
Bybit is promising a full incident report on the hack, with crypto community sleuth "ZachXBT" suggesting that North Korea's Lazarus Group is behind the breach, and is currently trying to move the stolen funds.
The Lazarus Group has been existence two and a half decades, and has strong links to the North Korean regime. It is believed to be behind several cyber attacks that have netted the pariah nation millions of dollars in foreign exchange The hacking group is also blamed for the 2013 attack on Sony Pictures, and the global WannaCry ransomware malware deployment in 2017 that was thwarted by security researcher Marcus Hutchins.
Prior to the Bybit hack, the biggest breach involved the Polynetwork, with US$611 million taken. On LinkedIn, Tom Robinson, a researcher with crypto analytics firm Elliptic speculated that the Bybit hack might be not just the biggest crypto hack ever, but the largest theft of any kind.
Robinson posted the below diagram to show the scale of the Bybit hack compared to many others in the past (amounts in US$).
28 Comments
Ouch, at least a hacker cannot steal your house. Something to be said for "Actual" hard assets rather than "Fairy Dust".
Bricks and motar
Ouch, at least a hacker cannot steal your house. Something to be said for "Actual" hard assets rather than "Fairy Dust".
This is true Z. Hard to put a house in your pocket. Your car could get stolen though. Or your wallet, mobile phone, electric bicycle.
In this situation, good to see assets backed 1:1 so Bybit customers are secure. All exchanges in Japan require 1:1 backing of customer assets. Far ahead of the regulatory game.
Of course, if you custody your own coins instead of leaving them on an exchange, this is how an individual protects oneself. This should be near the top of any rules list taught to normies learning about the space.
Can you explain to us ignorant peasants what is going to happen to the stolen crypto given that it is Blockchain something-or-other?
I thought the Blockchainy bit meant that it is permanently tracked/marked so it is clearly identified as stolen and the actual owner knows where it is. Or does this all mean that the thief can just sell it on to another person/organisation on the internet, so it effectively just becomes a form of currency for the criminal underworld?
You can't revert transactions on the blockchain. There have been calls for Ethereum to "fork" so as to undo the stolen funds transactions, but that by itself is opening Pandora's box.
Thanks Juha!
I feel like blockchain doesn't provide quite the security that I thought. I feel it is like the motor vehicle register (in that if a buyer doesn't check that a car is stolen then the seller can easily sell that car to the buyer).
It’s an interesting concept, but one that’s been oversold as the answer for almost everything.
You can't revert transactions on the blockchain. There have been calls for Ethereum to "fork" so as to undo the stolen funds transactions, but that by itself is opening Pandora's box.
“Rollback” is Bitcoin language because in order to undo a transaction on Bitcoin, you’d need to undo all the transactions since that transaction since there’s a sort of “chain of custody” you can follow with each satoshi. (This is the unspent transaction output or UTXO model, plus there’s also the fact of how the hash of each block is included in the next block, which is like a little DNA bit from the previous block that’s included in each block.)
With ETH, there are accounts, and balances get changed in each account, according to things like smart contract rules or actions taken by users. But there’s no chain of custody for each Wei that you can follow. This was an “irregular state change” - airlifting all the ETH in the DAO smart contracts out to a refund contract that would send you 1 ETH for every 100 DAO tokens you sent in. So all the people talking about a “rollback” in ETH, that implies you’d also have to undo all the transactions since the time of the one you want to reverse. Not necessary.
This is an example why I personally don't invest in crypto, I just don't understand it enough, and I think very few can really say what the future holds. For example we are told Bitcoin is finite, why? Because there won't be any more made, it's too involved and expensive to make etc… There is absolutely no guarantee that computing technology advances wont' change these expectations at all, or that a Bitcoin competitor can be made much more efficiently and cheaply in the future, a bit like Deepseek vs American AI. And then there is the minefield of keeping your crypto safe online. J.C. and Wolfie will tell you: "You just need to…" but I'm not at all convinced that "your" crypto is safe and secure now and in the future. If it goes missing, who is average Joe Bloggs going to sue ? and in what country ?
Agree
J.C. and Wolfie will tell you: "You just need to…" but I'm not at all convinced that "your" crypto is safe and secure now and in the future. If it goes missing, who is average Joe Bloggs going to sue ? and in what country ?
I definitely wouldn't advise you to use Bybit or even go near BTC or crypto Dr Y. In fact, I wouldn't advise anyone who isn't comfortable with or competent / experienced with risk to go near a crypto exchange. It would be like a monkey trying to fly a plane. Potentially disastrous.
No it's finite because when BTC was established 21 million BTC was minted and that hasn't changed since. This was by design as a counter to fiat currencies where they can print as much as they want. It has nothing to do with how involved or expensive it is to create more bitcoin. "Bitcoin’s governance model is decentralized, meaning that changes to the protocol require widespread consensus. Any change to the hard cap would require the majority of nodes to adopt the new rule, which is unlikely." Minting more BTC would literally destroy BTC so the probability of it ever reaching consensus is probably almost 0%.
BTC isn't the number one crypto because of cost and efficiency. It's simply due to trust in the protocol because it's been around the longest and has proven it's secure. It's also more decentralised than a lot of other cryptos.
If you hold the keys to your crypto yourself instead of on a crypto exchange like ByBit (which literally everyone tells you to do so it's no secret), especially on a hardware or paper wallet, your chances of it going "missing" are also almost 0%.
Arguments like the above are just not grounded in the practical realities faced by ordinary people. Honestly we're 15 years in now and it's getting old. Why can't we expend this energy on trying to improve our regulatory environment, and building a fair and competitive market for financial services, instead of constantly trying to undermine sovereign currencies with a modern reincarnation of wildcat banks and private money on steroids?
If you hold the keys to your crypto yourself instead of on a crypto exchange like ByBit (which literally everyone tells you to do so it's no secret) [...]
Ah yes, NYKNYC. Be your own bank! (manage your own opsec)
Tell me, how would your grandmother handle private keys or a hardware wallet? Mine could barely manage a password, but I guess if yours GPG-encrypts her email then you're all good.
[...] especially on a hardware or paper wallet, your chances of it going "missing" are also almost 0%.
Do you also think the biggest losses in traditional finance come from hacks on banks? Because the vast majority come from social engineering, whereby the user is persuaded to transfer the money to the hacker themselves. Hardware crypto wallets and private keys don't solve this, they make it infinitely worse because there's no one to help you afterwards. Even, apparently, if you lose $1.9b to North Korea.
The main problem with crypto is that it identifies and solves problems that no one is having, except small-state libertarians with an ideological axe to grind, and billionaires that feel "oppressed" by pesky government regulations. And it sacrifices security, efficiency, financial stability, and the environment for the sake of their interests.
Anyone not on the fringe should be emphatically rejecting crypto. And fortunately, for the most part, they are.
Why can't we expend this energy on trying to improve our regulatory environment, and building a fair and competitive market for financial services,
Good question. To be honest, since the emergence of BTC, things haven't become better in terms of fairness, competitiveness, centralization, and manipulation of money and monetary frameworks. In fact, it's become worse than it ever has been in the past. To clean it all up, means people lose power, particularly the ruling elite. Therefore, I expect BTC to still be relevant, even if the rest of the ecosystem slides into irrelevance, which is kind of what is happening at the moment.
To clean it all up, means people lose power, particularly the ruling elite
To even begin to understand where you're coming from, I would need to know your definition of "ruling elite". It's one of those nebulous terms that bakes in a lot of assumptions.
Most of your points against crypto are focused on Bitcoin.
There are hundreds, if not thousands, of other useful implementations of crypto/blockchain that are being developed as we speak by the biggest organisations in the world. Surely they understand the value of such technology? And for them it is certainly not just to undermine fiat.
Agree and disagree. Most of the ecosystem is pointless in my opinion. Where is the value besides what BTC can do? Ripple technology is remarkable IMO.
Just about 'undermining flat', you should understand that fiat itself is not a commodity. Modern money is more about power structures and the social contract. And for that reason alone, BTC and crypto have relevance.
There are hundreds, if not thousands, of other useful implementations of crypto/blockchain that are being developed as we speak by the biggest organisations in the world.
Name one successful implementation of a distributed blockchain, that's not solving a problem that crypto itself created, and is clearly superior to a centralised system. Go on, I'll wait.
Surely they understand the value of such technology?
They understand the value of meeting market demand.
And for them it is certainly not just to undermine fiat.
There's a lot of money sloshing around in web3, I'll give you that. But if you follow that money, you're going to end up at libertarian-leaning folks like A16z, DCG and their backers, who believe that the financial regulations which protect the masses are unfairly restricting their "innovations", and thus very much do want to undermine state control of currency.
.
You really think BTC was created because of invented problems with the current financial system?
Most people think the current financial system is working fine. Chances are they haven't put much thought into it.
Or have a vested interest in the status quo.
OK I’ll bite. Bitcoin is the one successful blockchain integration, the problem it's solving is our centralised debt based monetary system which is based on 'i'm good for it, trust me bro", oh and the built in devaluation of our money eroding our purchasing power. Crypto did not make that problem.
Its solves this problem be removing the counter party risk and providing a finite supply which also has a known inflation rate which is falling as the minting continues. It’s supply is set and secured by math.
All fiat currencies are backed by reputation alone, oh and perhaps military might for the bigger countries.
Bitcoin does have some weak points around its code which is based on consensus and potential mining centralisation, but it's encryption is based on the same the government, military and banks use, so if that goes it’s not just bitcoin that will be in trouble.
Edit: typo and clarity.
I don't get your pushback? Are you saying that if something is not for everyone then it shouldn't exist? Are you saying that if something is vulnerable to social engineering it shouldn't exist either? Do you have any data to support your claim that social engineering is a significant problem for hardware and paper wallet users? You really think BTC was created because of invented problems with the current financial system?
Edit. I was just repeating whats being said already.
I do think that bitcoin will eventually be held by banks and that will take the tech issue away.
It's infinite in the sense that parts of a BTC can be 'sold'.
Not really, each bitcoin is subdivided into 100 million sub parts called Satoshi, like dollars and cents but more zeros.
well well, well.....my,my,my.... who'd have thought that a crypto-currency would......????
Now, back to more 'finite' subjects, would Juda or anybody else know whether the Friday stampede-like sell off of Spark shares upon Spark releasing its pessimistic prognosis could have been galvanised by Milford desperately trying to cut it's losses on its mid-December purchase of approx 14 million Spark shares at a substantially higher price than Spark's Friday closing price?
Now, back to more 'finite' subjects, would Juda or anybody else know whether the Friday stampede-like sell off of Spark shares upon Spark releasing its pessimistic prognosis could have been galvanised by Milford desperately trying to cut it's losses on its mid-December purchase of approx 14 million Spark shares at a substantially higher price than Spark's Friday closing price?
Not really a rug pull. But kinda.
We welcome your comments below. If you are not already registered, please register to comment.
Remember we welcome robust, respectful and insightful debate. We don't welcome abusive or defamatory comments and will de-register those repeatedly making such comments. Our current comment policy is here.