On the evening of February 21, Ben Zhou, the chief executive officer of cryptocurrency exchange Bybit, logged into his computer to authorize what appeared to be a routine transaction. The company was transferring a substantial amount of Ether, one of the most popular digital currencies, from one account to another.
However, within thirty minutes, Bybit’s chief financial officer made a distressing call to Zhou, his voice trembling as he delivered shocking news: the system had been compromised. “All of the Ethereum is gone,” he said.
According to the U.S. Federal Bureau of Investigation, Zhou had inadvertently approved a transaction that handed over control of an account to North Korean-backed hackers. The cybercriminals siphoned off $1.5 billion in cryptocurrency, making it the largest heist in the industry’s history.
Exploiting a Security Flaw
The hackers executed their attack by exploiting a significant vulnerability in Bybit’s security infrastructure—the exchange’s reliance on a free software product. The attackers manipulated a publicly accessible system that Bybit used to protect millions in customer deposits. Despite the availability of more sophisticated security tools from specialized firms, Bybit had continued using storage software developed by a provider called Safe.
The consequences of the breach sent shockwaves across the crypto market, causing a sharp decline in investor confidence at a critical time. Under the crypto-friendly Trump administration, industry leaders are advocating for new U.S. regulations that would encourage more investment in digital assets.
Security experts expressed deep concerns over the implications of the breach. An analysis by a security firm described the losses as “completely preventable,” emphasizing that the incident “should not have happened.”
Safe’s storage tool, though widely used within the crypto space, is better suited to individual traders than to large exchanges managing billions of dollars in deposits, said Charles Guillemet, an executive at French crypto security firm Ledger. “This really needs to change,” he warned. “It’s not an acceptable situation in 2025.”
A Desperate Race to Contain the Fallout
The breach triggered a frenzied 48-hour period at Bybit. Overseeing customer deposits totaling as much as $20 billion, the company found itself struggling to cover the $1.5 billion loss in Ether. Zhou, 38, scrambled to keep operations afloat by securing emergency loans from other firms and tapping into corporate reserves to handle an onslaught of withdrawal requests.
The wider crypto market reacted swiftly. Bitcoin, often seen as an industry bellwether, plummeted by 20%—its steepest drop since the 2022 collapse of FTX, the disgraced crypto empire led by Sam Bankman-Fried.
In an interview this week, Zhou admitted that Bybit had received prior warnings about potential security issues with Safe. Three to four months earlier, the company had noticed compatibility issues between Safe’s software and another security service it used. “We should have upgraded and moved away from Safe,” Zhou acknowledged. “We’re definitely looking to do that now.”
Safe’s chief product officer, Rahul Rumalla, responded to the breach in a statement, asserting that the company had since introduced new security measures to better protect its users. “Our products serve as the treasury backbone for some of the largest organizations,” Rumalla stated. “Our job is not just to fix what happened, but to ensure the entire industry learns from it, so this doesn’t happen again.”