
Key Insights
The Lazarus Group has been tracked as the main culprit in the $1.4 billion Bybit hack.
The hack was executed in a complex way involving UI masking of the cold wallet.
Bybit lost 75% of its ETH deposits and experienced severe ETH withdrawals as the news broke.
Later, it received 120k ETH in loan support from Bitget, MEXC and two ETH whales.
The infamous North Korean state-backed Lazarus Group was identified as the main culprit in the $1.4 billion Bybit hack, in which the exchange lost around 401,360 ETH.
The group has been behind several attacks and exploits in the past, going back as early as 2022, when it stole $625 million from Axie Infinity.
Lately, there have been incidents wherein North Korean hackers have masqueraded as South Korean blockchain developers to get access to crypto wallets and rug-pull them. This modus operandi saw wider attention when a project founder accused one of their recently hired developers of stealing their crypto.
Enjoying state-granted immunity, the Lazarus Group has also been training an army of hackers. The group's activity also raises serious questions about who is safe in the world of crypto: an exchange with almost military-grade security, a network of cold and hot wallets and several strong security measures was hacked in the most complex way.
Two exchanges and two whales came to Bybit's support, depositing a sum of 120k ETH. Bitget contributed 40,000 ETH and MEXC contributed 12,652 ETH. Two whales contributed 36,000 ETH and 11,800 ETH respectively after withdrawing the amounts from their Binance and cold wallets.
Bybit lost around 410,346 ETH but needed a much greater loan of 120k ETH because of the excessive withdrawals from the users.
On 21 February 2025, a hacker carried out a successful phishing attack and stole $1.4 billion worth of crypto from Bybit. The hack was executed in a very sophisticated manner.
Bybit CEO and co-founder Ben Zhou shared the news that the exchange had been hacked but that withdrawals were normal. Later, the exchange had to stop ETH withdrawals, as Bybit lost around 75% of its 537k ETH.
Bybit Proof of Reserves Before The Hack
Bybit Exchange
First, the hackers gained access to the user interface of a Bybit cold wallet and masked it so that the wallet's users saw something other than what was actually happening. While the users thought they were transferring a sum to a Bybit hot wallet, they were actually signing a transfer worth 401,346 ETH.
The hack was initially tracked by ZachXBT, who saw the hackers distributing 10k ETH to at least 39 wallets and possibly swapping most of the ETH for SOL. The North Korean Lazarus Group was later found to be the mastermind of the hack.
The Bybit exchange seems mostly safe, thanks to the new measures taken after the FTX crash, the Axie Infinity hack, and a series of other crypto security incidents. These led to several new industry standards, such as cold storage, crypto custodians, and proof-of-reserves audits.
After the hack, the exchange took some security measures and paused ETH withdrawals, a pause that was possibly used to change the addresses that held its ETH reserves.
Further, the Bybit CEO has been giving constant updates since the hack, starting with a series of tweets and an X Spaces Live explaining the exchange's position. Just an hour before press time, Ben hosted another X Space Live.
Finally, more cooperation from other crypto institutions has also been pouring in. Tether blocked 181k USDT from the hack.
Bybit seems much safer now than it was.