A devastating cyberattack has shaken the cryptocurrency industry. Bybit, one of the world’s largest crypto exchanges, lost a staggering $1.5 billion in Ethereum to hackers. This incident now ranks as the biggest crypto exchange exploit in history, surpassing all previous breaches. Authorities have linked the attack to North Korea’s Lazarus Group, and the FBI has urged platforms to block the stolen funds before they disappear into laundering networks.
FBI Confirms North Korea’s Lazarus Group Behind Bybit Hack
The FBI wasted no time identifying the masterminds behind the attack. According to investigators, North Korea’s notorious hacking group, Lazarus—also known as TraderTraitor and APT38—was responsible.
This group has a long history of targeting crypto platforms, and their techniques have only become more sophisticated. Investigators believe the hackers intercepted a scheduled transfer from Bybit’s cold wallet to its hot wallet, rerouting the funds to an address they controlled.
The FBI has since advised crypto exchanges, RPC node operators, and blockchain analytics firms to flag and block transactions from the addresses linked to the hack. A public warning emphasized that the stolen Ethereum is being rapidly converted into Bitcoin and other cryptocurrencies, making it harder to track.
The Growing Threat of North Korean Crypto Heists
North Korea’s involvement in cryptocurrency theft is no surprise. In 2024 alone, the country allegedly stole nearly $800 million in digital assets. These attacks are far more ambitious than those of other hacking groups, with North Korea focusing on high-value targets.
Bybit’s breach follows a disturbing pattern. Investigators, including crypto fraud expert ZachXBT, traced some of the stolen funds to an Ethereum address previously connected to attacks on exchanges like Phemex, BingX, and Poloniex. This is yet another example of Lazarus Group’s wide-reaching impact on the crypto world.
What makes these hacks even more concerning is their purpose. Reports suggest that stolen crypto funds help finance North Korea’s missile program and other sanctioned activities. This adds a geopolitical dimension to what might otherwise seem like just another cybercrime.
Bybit’s Response and Safe{Wallet} Breach
Bybit CEO Ben Zhou addressed the crisis on Wednesday, releasing an initial post-mortem report compiled by cybersecurity firms Sygnia and Verichains. Their findings revealed a critical vulnerability within Safe{Wallet}, a widely used multisig wallet platform.
Here’s what investigators uncovered:
- Hackers initially compromised a Safe{Wallet} developer’s machine.
- This breach gave them access to an account operated by Bybit.
- From there, they executed the largest known crypto heist.
The Safe Ecosystem Foundation later confirmed these findings, adding that the breach stemmed not from a flaw in the wallet software itself but from a targeted attack on a developer’s infrastructure.
What Happens Next?
Bybit is now working with law enforcement and blockchain security firms to track the stolen assets. However, history suggests that recovering funds after such an attack is incredibly difficult.
Authorities are urging exchanges to stay on high alert. If the stolen Ethereum gets laundered successfully, it could set a dangerous precedent, encouraging more large-scale crypto heists in the future.
The industry is once again facing tough questions about security. If even a major player like Bybit can be breached, what does that mean for smaller exchanges? And more importantly—who’s next?