Abdelrahman
On February 22, 2025, cryptocurrency exchange platform Bybit disclosed that a highly sophisticated cyberattack resulted in the loss of over $1.46 billion in digital assets from one of its Ethereum cold (offline) wallets, marking this incident as the largest single cryptocurrency theft on record.
The breach happened during a transfer involving Bybit’s ETH multisig cold wallet, which coins were intended to move to their warm wallet. Unfortunately, an attacker executed a manipulative ploy that altered the signing process, leading to a legitimate-looking transfer but with modified smart contract logic,” stated Bybit in a post on X.
This allowed the hacker to seize control of the compromised ETH cold wallet and divert its contents to an unknown address.
In his statement on social media, Bybit’s CEO Ben Zhou reassured users that all other cold wallets remain secure, and the company has reported the incident to the relevant authorities.
While Bybit has not officially confirmed the specifics, Elliptic and Arkham Intelligence have tied the incident to the notorious Lazarus Group. This theft surpasses previous record-breaking crypto thefts, including those of the Ronin Network ($624 million), Poly Network ($611 million), and BNB Bridge ($586 million).
Independent researcher ZachXBT noted that they have “linked the Bybit breach on-chain to the Phemex compromise,” which occurred just a month prior.
The Lazarus Group, based in North Korea, is recognized as one of the most active cybercriminal organizations, executing numerous crypto thefts to fund the sanctioned state. In 2024, a report from Google described North Korea as “arguably the world’s leading cybercriminal entity.”
According to blockchain analysis firm Chainalysis, the Lazarus Group pilfered an estimated $1.34 billion in 47 cryptocurrency attacks throughout 2024, representing approximately 61% of all illegally obtained crypto assets during that period.
“The rise in cryptocurrency thefts can be attributed to the lucrative nature of these crimes, the difficulties in pinpointing the culprits, and the minimal experience among many organizations with cryptocurrency and evolving Web3 technologies,” stated Mandiant, a subsidiary of Google, in a recent report.
