On the evening of February 21, Ben Zhou, the chief executive of cryptocurrency exchange Bybit, logged into his computer to approve what he believed was a routine transaction. Within half an hour, he received a call from his chief financial officer, who delivered a chilling message.
“All of the Ethereum is gone,” the chief financial officer told him.
Bybit had fallen victim to the largest theft in cryptocurrency history, with hackers backed by the North Korean government stealing $1.5 billion worth of digital assets, according to the FBI. The breach was traced to a vulnerability in Bybit’s security system that allowed cybercriminals to manipulate a widely used software tool.
A Preventable Security Flaw
The attackers exploited a weakness in a storage system developed by technology provider Safe. For years, Bybit had relied on Safe’s software to secure billions in customer funds, even as more advanced security solutions became available.
An analysis of the breach described the loss as “completely preventable,” arguing that it “should not have happened.”
Charles Guillemet, an executive at French crypto security firm Ledger, explained that Safe’s software was not designed to safeguard institutional assets. “This really needs to change,” he said.
Bybit, which handles as much as $20 billion in customer deposits, was left scrambling to cover its losses. Within hours of the attack, users withdrew nearly $10 billion from the exchange, fueling panic across the cryptocurrency market.
Despite the crisis, Zhou remained composed on social media, stating that his stress levels were “not too bad.” However, in a later interview, he acknowledged that Bybit had been aware of compatibility issues with Safe’s system months before the hack but failed to take action.
“We should have upgraded and moved away from Safe,” he admitted. “We’re definitely looking to do that now.”
Rahul Rumalla, Safe’s chief product officer, defended the company’s role, stating that it had since introduced additional security measures. “Safe’s products remain the treasury backbone for some of the largest organizations in the space,” he said.
The Hack and Its Aftermath
According to a source familiar with the matter, hackers compromised a Safe developer’s computer, injecting malicious code into the system. They then sent a fraudulent transaction link to Zhou, who unknowingly granted them access to Bybit’s reserves.
Blockchain analysts quickly traced the stolen assets to the Lazarus Group, a notorious North Korean hacking syndicate responsible for previous large-scale crypto thefts. The group dispersed the funds across numerous wallets in a sophisticated laundering operation.
The fallout was immediate. Bitcoin, the flagship cryptocurrency, plummeted 20%, marking its steepest decline since the 2022 collapse of FTX, the disgraced exchange run by Sam Bankman-Fried.
Zhou admitted to having “a lot of regrets,” acknowledging that he should have prioritized security sooner. “I should have paid more attention to this area,” he said.
Despite the setback, Bybit managed to process all withdrawal requests within 12 hours. In a bid to restore confidence, Zhou later announced on X that the company was moving another $3 billion in digital assets, assuring users that it was a “planned maneuver.”
“We are not hacked this time,” he wrote.
The attack underscores the growing sophistication of cybercriminals targeting the cryptocurrency sector and raises urgent questions about the security of digital assets in an increasingly volatile market.