
The Bybit Ethereum Hack: Unpacking the Largest Crypto Heist in History

On February 21, 2025, the cryptocurrency world was shaken by one of the most significant security breaches ever recorded: the Bybit Ethereum hack. Hackers stole approximately $1.4 billion worth of Ethereum (ETH) from the Dubai-based exchange, marking it as the largest crypto heist in history. This staggering theft not only rattled Bybit’s 60 million users but also raised critical questions about security in the crypto industry. In this comprehensive article, we’ll dive into the details of the Bybit hack—how it happened, its market impact, the response from Bybit, and what it means for the future of cryptocurrency security.

What Happened During the Bybit Ethereum Hack?

The Bybit Ethereum hack occurred during a routine transfer of funds from an offline “cold” wallet to an online “warm” wallet, a process designed to balance security and liquidity. Cold wallets are typically offline and highly secure, while warm wallets are connected to the internet for daily trading operations. According to Bybit CEO Ben Zhou, the attackers executed a sophisticated assault that exploited this transfer process.

How the Hack Unfolded

  • Targeted Wallet: The hackers zeroed in on Bybit’s Ethereum multisig cold wallet, which required multiple signatures for transactions—a standard security measure in the industry.
  • Masked Transaction: Using a “masked” user interface (UI), the attackers deceived wallet signers into approving a malicious transaction. The UI displayed the correct address, but the underlying smart contract logic was altered.
  • Smart Contract Manipulation: The fraudulent transaction replaced the wallet’s legitimate smart contract with a malicious one, granting the hackers full control over the wallet.
  • Massive Theft: Approximately 401,347 ETH—valued at over $1.4 billion—was siphoned off to unknown addresses, alongside additional staked ETH tokens worth $324 million.

Blockchain security experts later identified this as a social engineering attack, likely involving phishing tactics. On February 27, 2025, cybersecurity firms Verichains and Sygnia Labs revealed that North Korean hackers, possibly the infamous Lazarus Group, had injected malicious JavaScript into the Safe Wallet provider’s infrastructure (hosted on Amazon AWS), which Bybit relied upon. This code was tailored to activate only when interacting with Bybit’s contract address, making it a highly targeted strike.

The Scale of the Bybit Hack: A Record-Breaking Heist

The Bybit Ethereum hack dwarfed previous crypto thefts, surpassing the $611 million Poly Network hack of 2021 and the $615 million Ronin Network breach of 2022. Blockchain analytics firm Elliptic called it “almost certainly the single largest known theft of any kind in history,” outstripping even Saddam Hussein’s $1 billion theft from the Iraqi Central Bank in 2003. Here’s a quick comparison:

| Incident | Amount Stolen | Year | Crypto Affected |
|---|---|---|---|
| Bybit Ethereum Hack | $1.4 billion | 2025 | ETH |
| Poly Network Hack | $611 million | 2021 | Multiple tokens |
| Ronin Network Hack | $615 million | 2022 | ETH, USDC |
| Iraqi Central Bank Theft | $1 billion | 2003 | Fiat (USD) |

The hacker now holds over 500,000 ETH—more than Ethereum co-founder Vitalik Buterin’s 240,000 ETH—making them one of the largest ETH holders globally. However, liquidating such a massive amount poses challenges due to real-time blockchain tracking and unfavourable market conditions.

Market Impact: Volatility and Sentiment Shifts

The immediate aftermath of the Bybit hack saw significant market turbulence. Ethereum’s price dropped nearly 4% on February 21, 2025, falling to $2,641.41 per coin, as traders reacted to the news. However, the market’s response was complex and volatile:

  • Initial Speculation: Rumors swirled that Bybit might buy back ETH on a 1:1 basis to cover losses, sparking a brief price rebound above $2,800 over the weekend.
  • Sentiment Reversal: When CEO Ben Zhou clarified that Bybit had secured a bridge loan covering 80% of the loss and had no plans for immediate spot market purchases, bearish sentiment took over. ETH prices retreated as fears of selling pressure from the hacker loomed.
  • Liquidity Hit: Bybit’s 1% market depth for BTC, ETH, and top altcoins plunged 59% from $68 million to $28 million within hours of the hack, reflecting mass exits by market makers. Daily trading volume also fell to $1.4 billion over the weekend, per Kaiko Research.

The broader crypto market, already sensitive in early 2025 due to regulatory uncertainties and Ethereum community controversies, felt the ripple effects. Withdrawals from Bybit surged past $5 billion as users rushed to secure their funds, though 70% of requests were processed successfully despite network congestion.

Bybit’s Response: Transparency and Resilience

Bybit’s handling of the crisis has been widely praised as a benchmark for transparency and crisis management. CEO Ben Zhou addressed the community within 30 minutes of the breach, ensuring Bybit remained the primary source of information. Key actions included:

  • Reassurance: Zhou confirmed that Bybit was solvent, with client assets backed 1:1, and losses could be covered through reserves or partner loans. “All other cold wallets are secure, and withdrawals are normal,” he stated on X.
  • Recovery Efforts: Bybit launched a “recovery bounty program,” offering up to 10% of recovered funds (potentially $140 million) to cybersecurity experts aiding in asset retrieval.
  • Security Overhaul: The exchange moved most funds out of Safe-administered wallets and pledged to transform its security infrastructure.

By February 24, 2025, Bybit had secured 446,000 ETH through loans, whale investments, and over-the-counter (OTC) buys, restoring its 1:1 backing. Deposits began outpacing withdrawals, signalling a return to normal operations.

Who Was Behind the Hack?

Suspicion quickly fell on North Korea’s Lazarus Group, a state-sponsored hacking outfit linked to over $6 billion in crypto thefts since 2017. Blockchain sleuth ZachXBT and firms like Elliptic and Arkham Intelligence identified patterns consistent with Lazarus’ previous attacks, such as the Ronin Network heist. Key evidence includes:

  • Phishing Tactics: The initial breach stemmed from a phishing attack targeting a Safe Wallet developer, not Bybit directly, allowing hackers to insert malicious code.
  • Fund Laundering: The stolen ETH was split across 53 wallets and funnelled through decentralized exchanges (DEXs), cross-chain bridges, and privacy mixers like eXch, a known facilitator of illicit crypto swaps.
  • State Motives: Proceeds from such hacks are believed to fund North Korea’s nuclear weapons program, and the Bybit theft could potentially make the regime one of the largest ETH holders globally.

Despite efforts to obfuscate the trail, Tether froze a small portion of the converted funds, and real-time tracking continues to hinder the hacker’s ability to cash out fully.

The FBI released a public service announcement saying North Korea is responsible for the $1.5 billion Bybit hack.

Lessons Learned: Securing the Crypto Future

The Bybit Ethereum hack underscores persistent vulnerabilities in the crypto ecosystem, even among top-tier exchanges. It also offers critical lessons for the industry:

  • Social Engineering Risks: Phishing remains a potent threat, exploiting human error rather than technical flaws. Robust training and isolated systems for transaction proposers and signers are essential.
  • Wallet Security: Reliance on third-party providers like Safe highlights the need for in-house custody solutions or multi-party computation (MPC) wallets, which avoid smart contract complexity.
  • Transparency Matters: Bybit’s swift, clear communication mitigated panic and preserved trust, setting a standard for crisis response.
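
The masked-UI attack described under "How the Hack Unfolded" and the call above for isolated proposer and signer systems both come down to one check: compare what the interface displayed with the raw fields the signature will cover, on a machine that does not load the web UI. The sketch below is an added example, not code from Bybit or Safe; it assumes the intended action is an ERC-20 `transfer`, uses the Safe transaction `operation` field (0 = call, 1 = delegatecall, which runs the target's code against the wallet's own storage), and every address, amount and helper name in it is constructed for illustration.

```python
# Added example: independent pre-signing check for a Safe-style multisig transaction.
# Addresses, amounts and payloads are constructed sample values.
from dataclasses import dataclass

CALL, DELEGATECALL = 0, 1      # values of the Safe transaction "operation" field
ERC20_TRANSFER = "a9059cbb"    # 4-byte selector of transfer(address,uint256)

@dataclass(frozen=True)
class RawTx:                   # the fields the signature actually covers
    to: str
    value: int
    data: str                  # hex calldata
    operation: int

def norm(hexstr):
    return hexstr.lower().removeprefix("0x")

def encode_transfer(recipient, amount):
    """ABI-encode transfer(recipient, amount) as hex calldata."""
    return ERC20_TRANSFER + norm(recipient).rjust(64, "0") + format(amount, "064x")

def refusal_reasons(tx, shown_token, shown_recipient, shown_amount, allowlist):
    """Compare the raw transaction with what the UI displayed; [] means consistent."""
    reasons = []
    data = norm(tx.data)
    if tx.operation != CALL:
        reasons.append("operation is not a plain call")
    if norm(tx.to) not in {norm(a) for a in allowlist}:
        reasons.append("target contract is not allowlisted")
    if norm(tx.to) != norm(shown_token):
        reasons.append("target differs from the displayed token contract")
    if tx.value != 0:
        reasons.append("unexpected ETH value on a token transfer")
    if len(data) != 136 or data[:8] != ERC20_TRANSFER:
        reasons.append("calldata is not transfer(address,uint256)")
    else:
        if data[8:32].strip("0") or data[32:72] != norm(shown_recipient):
            reasons.append("recipient differs from the displayed address")
        if int(data[72:136], 16) != shown_amount:
            reasons.append("amount differs from the displayed amount")
    return reasons

TOKEN, WARM, UNKNOWN = "0x" + "11" * 20, "0x" + "22" * 20, "0x" + "99" * 20
ALLOWLIST = [TOKEN]
honest = RawTx(TOKEN, 0, encode_transfer(WARM, 5000), CALL)
# Same displayed recipient and amount, but the call is a delegatecall into an unknown contract.
masked = RawTx(UNKNOWN, 0, encode_transfer(WARM, 5000), DELEGATECALL)

if __name__ == "__main__":
    for name, tx in (("honest", honest), ("masked", masked)):
        print(name, refusal_reasons(tx, TOKEN, WARM, 5000, ALLOWLIST) or "consistent")
```

The masked sample carries exactly the recipient and amount a signer expects to see, so only the target and operation checks catch it.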

For users, the hack is a reminder to diversify holdings, use hardware wallets, and monitor exchange security practices closely.

What’s Next for Bybit and Ethereum?

Bybit’s recovery efforts and regulatory compliance push—such as its removal from France’s AMF blacklist in February 2025—signal resilience. However, challenges remain, including a $1.06 million fine in India for non-compliance with anti-money laundering laws. For Ethereum, the hack dampens sentiment amid an already turbulent period, potentially impacting institutional adoption in the short term.

The crypto industry stands at a crossroads. As hacks exceed $2.2 billion in 2024 alone (per Chainalysis), the Bybit breach could galvanize stronger security standards—or erode trust if the recovery falters. For now, Bybit’s proactive stance and the community’s vigilance offer hope amid uncertainty.

FAQs About Bybit Ethereum Hack

  1. What happened during the Bybit Ethereum Hack?

    The Bybit Ethereum Hack occurred on February 21, 2025, when hackers stole approximately $1.4 billion worth of Ethereum (ETH) from one of Bybit’s cold wallets. The attackers exploited a vulnerability by manipulating a transaction’s signing interface, tricking Bybit’s multi-signature wallet signers into approving a malicious smart contract update, which allowed the funds to be drained to an unknown address.

  2. How much Ethereum was stolen in the Bybit hack?

    Hackers stole around 401,347 ETH, valued at approximately $1.4 billion at the time of the breach. Additional reports suggest smaller amounts of related tokens like stETH, cmETH, and mETH were also taken, pushing the total value slightly higher in some estimates.

  3. Who was behind the Bybit $1.4 billion Ethereum Hack?

    Security researchers, including Elliptic and ZachXBT, have linked the hack to North Korea’s Lazarus Group, a state-sponsored hacking collective known for major crypto heists. The attack’s sophistication and subsequent laundering patterns align with their previous operations.

  4. How did the hackers steal $1.4 billion from Bybit?

    The hackers used a sophisticated phishing attack that masked the user interface (UI) during a routine transfer from Bybit’s cold wallet to its warm wallet. The UI showed the correct address, but the underlying smart contract logic was altered, granting the attackers control. Investigations later revealed malicious code was injected into Safe Wallet’s infrastructure, a service Bybit used.

  5. Is my money safe on Bybit after the Ethereum hack?

    Bybit’s CEO, Ben Zhou, has stated that the exchange remains solvent and that all client funds are backed 1:1. The hack affected only one Ethereum cold wallet, and Bybit has secured bridge loans and reserves to cover losses, ensuring withdrawals continue normally. However, trust in the platform has been shaken for some users.

  6. What is Bybit doing to recover the stolen $1.4 billion?

    Bybit launched a recovery bounty program, offering up to 10% of recovered funds (potentially $140 million) to cybersecurity experts who help retrieve the stolen ETH. The exchange is also working with blockchain analysts like Chainalysis and authorities to track the funds, which have been split across multiple wallets and laundered through decentralized exchanges (DEXs) and mixers.

  7. Why is the Bybit Ethereum Hack considered the largest in crypto history?

    The $1.4 billion theft surpasses previous records, such as the $611 million Poly Network hack in 2021 and the $625 million Ronin Network breach in 2022. Its scale, combined with the fact that it may be the largest single theft of any kind in history (exceeding even Saddam Hussein’s $1 billion bank heist in 2003), has earned it this title.

  8. How did the Bybit hack affect Ethereum prices?

    Following the hack’s announcement, Ethereum’s price dropped nearly 4%, reflecting market panic. However, it later stabilized as Bybit clarified it wouldn’t flood the market with ETH buybacks. The stolen funds’ movement continues to influence trader sentiment, with potential selling pressure still a concern.

  9. Can the stolen Ethereum from the Bybit hack be traced?

    Yes, blockchain transparency allows firms like Elliptic and Arkham Intelligence to track the stolen ETH. The funds have been split into numerous wallets (e.g., 53 reported addresses) and laundered through DEXs and privacy tools, complicating recovery but not rendering it impossible. Some funds have already been swapped for Bitcoin.

  10. What security changes has Bybit made after the $1.4 billion hack?

    Bybit has moved most funds out of Safe Wallet infrastructure, which was compromised in the attack, and is reevaluating its wallet systems. The exchange is enhancing security protocols and has promised to “fundamentally transform” its infrastructure to prevent future breaches, though specifics are still under development.

  11. Who Was Behind the Ethereum Hack?

    Suspicion quickly fell on North Korea’s Lazarus Group, a state-sponsored hacking outfit linked to over $6 billion in crypto thefts since 2017. Blockchain sleuth ZachXBT and firms like Elliptic and Arkham Intelligence identified patterns consistent with Lazarus’ previous attacks, such as the Ronin Network heist. Key evidence includes:

  12. Is North Korea Behind the Bybit Ethereum Hack?

    Yes, evidence strongly suggests that North Korea’s Lazarus Group, a state-sponsored hacking collective, orchestrated the Bybit Ethereum Hack on February 21, 2025, which saw $1.4 billion in ETH stolen. Security firms like Elliptic and Arkham Intelligence, along with crypto investigator ZachXBT, have linked the attack to Lazarus based on its sophisticated execution and the laundering patterns of the stolen funds. The group reportedly exploited Bybit’s Safe Wallet infrastructure through phishing or malicious code injection, a tactic consistent with their past operations like the Ronin Network hack. While Bybit has not officially confirmed this, the consensus among experts points to North Korea’s involvement, potentially to fund state activities.

Taylor Green

I’m a blockchain enthusiast and crypto writer passionate about DeFi, Web3, and NFTs. I love breaking down complex crypto concepts to help readers navigate the ever-evolving world of digital assets.
