A recent security breach at Bybit, one of the world’s largest cryptocurrency exchanges, resulted in a $1.46 billion loss—without a single line of code being hacked. Instead of exploiting technical vulnerabilities, the attackers manipulated people, proving that even the most secure systems can be breached through human error.
Who Was Behind the Attack?
- The attack was orchestrated by Lazarus, a state-backed North Korean hacking group.
- Lazarus has previously stolen billions from banks, crypto exchanges, and DeFi protocols.
- This incident marks one of the largest crypto heists in history.
How Did It Happen?
- No code was hacked. There was no software exploit or stolen private keys.
- Bybit’s own multisig wallet signers approved the transactions.
- The attackers tricked them into thinking they were authorizing a routine transfer, but instead, they unknowingly handed over the exchange’s cold wallet funds.
- The breach occurred during a routine transfer of Ethereum from a cold (offline) wallet to a warm (online) wallet, which facilitates daily trading.
- An attacker exploited security controls and successfully transferred the assets.
The Real Question: How Did Lazarus Know Who to Target?
Since a multisig wallet requires multiple people to approve a transaction, even one refusal would have stopped the hack. But all signers approved it, which means Lazarus had insider knowledge.
This could have happened in three ways:
- Inside Job – An employee or insider leaked the list of authorized signers.
- Social Engineering – Hackers studied emails and behaviors to manipulate signers.
- Device Compromise – Malware infected one or more of the signers’ devices.
Aftermath and Market Impact
- The news of the hack triggered mass withdrawals, with Bybit receiving over 350,000 withdrawal requests from customers.
- This sudden surge could cause delays in processing withdrawals.
- Ethereum (ETH) price initially dropped by nearly 4% following the attack but has since recovered to previous levels.
What Happens to the Stolen Ethereum (401,000 Ether)?
- Lazarus now holds 0.42% of all Ethereum, more than the Ethereum Foundation, Vitalik Buterin (Ethereum’s co-founder), or Fidelity Investments (one of the largest financial institutions).
- Laundering that much Ethereum (ETH) is not easy. Authorities quickly flagged 53 wallets holding the stolen ETH.
- However, Lazarus has a history of waiting years before moving stolen funds. They do not negotiate or return money.
Bybit’s Response and Recovery Efforts
Bybit’s CEO, Ben Zhou, reassured users that:
- Client funds are 1:1 backed – meaning every user’s balance is covered.
- Enough liquidity is available to cover withdrawals.
- All other wallets remain secure, meaning the attack was limited to a single instance.
- Bybit is actively working with cybersecurity and blockchain analytics experts to track and recover the stolen funds.
- A $140 million reward (10% of the stolen amount) is being offered to those who assist in recovering the lost assets.
What This Means for You as an Investor
- This isn’t the first major crypto heist, and it won’t be the last.
- Crypto security is not just about technology—it’s about people. Hackers often manipulate individuals rather than breaking code.
How to Protect Your Crypto Assets
- Use True Cold Storage – If a wallet touches the internet, it’s not truly cold. Keep large holdings offline in a hardware wallet.
- Verify Before Signing – Always check what you’re signing, even if the interface looks legitimate.
- Diversify Your Holdings – Never keep all your assets in one exchange or one wallet.
- Secure Your Keys – Use a hardware wallet like Ledger or Trezor. Do not store private keys on your computer or cloud storage.
- Assume You’re a Target – Hackers don’t attack systems; they attack people. Be cautious of emails, messages, and unexpected requests.
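Added example, not from the original article: one way to make "Verify Before Signing" concrete is to decode the raw transaction fields about to be signed and compare them with the transfer agreed out of band, instead of trusting the interface's summary. It goes beyond the plain ETH transfer described above to cover ERC-20 transfers as well; `Intent`, `check_request` and all addresses are hypothetical, constructed values.

```python
from dataclasses import dataclass
from typing import Optional

ERC20_TRANSFER = "a9059cbb"  # function selector of transfer(address,uint256)

@dataclass
class Intent:
    """What the signer believes they are approving (agreed out of band)."""
    recipient: str                 # expected destination address
    amount: int                    # expected amount in base units
    token: Optional[str] = None    # token contract for ERC-20, None for plain ETH

def norm(hexstr: str) -> str:
    h = hexstr.lower()
    return h[2:] if h.startswith("0x") else h

def check_request(to: str, value: int, data: str, intent: Intent) -> list:
    """Compare the raw fields about to be signed with the intent.
    Returns a list of mismatches; an empty list means the payload matches."""
    problems, data = [], norm(data)
    if intent.token is None:  # plain ETH transfer: no calldata expected
        if data:
            problems.append("calldata present on a plain transfer")
        if norm(to) != norm(intent.recipient):
            problems.append("destination differs from intended recipient")
        if value != intent.amount:
            problems.append("value differs from intended amount")
        return problems
    # ERC-20: 'to' is the token contract; the real recipient is inside calldata.
    if norm(to) != norm(intent.token):
        problems.append("target is not the expected token contract")
    if value != 0:
        problems.append("unexpected ETH value on a token transfer")
    if data[:8] != ERC20_TRANSFER or len(data) != 8 + 128:
        problems.append("calldata is not a transfer(address,uint256) call")
        return problems
    recipient, amount = data[8:72][24:], int(data[72:136], 16)
    if recipient != norm(intent.recipient):
        problems.append("encoded recipient differs from intended recipient")
    if amount != intent.amount:
        problems.append("encoded amount differs from intended amount")
    return problems

# Constructed sample values, not taken from the incident.
WARM, OTHER, TOKEN = "0x" + "11" * 20, "0x" + "22" * 20, "0x" + "aa" * 20

def transfer_calldata(recipient: str, amount: int) -> str:
    return "0x" + ERC20_TRANSFER + norm(recipient).rjust(64, "0") + format(amount, "064x")
```

Any non-empty result is a reason to stop and confirm the transfer through a separate channel before signing.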
Final Takeaway: Stay Vigilant & Stay Safe
The Bybit hack is a wake-up call for investors and crypto exchanges alike. Even the most secure platforms are vulnerable to human manipulation.
If you invest in crypto, always prioritize security, spread your risk, and stay cautious of social engineering attacks. The best defense against hackers like Lazarus is awareness and strong security habits.
Sources: The Guardian, AP, Business Insider.
Bitcoin Strategy & Wealth Protection | Founder | Board Director | MEA Market Entry & Energy Monetization | UHNWIs | Family Offices | Governments | SMEs
6 days ago: This isn’t just a crypto scandal, it’s a global cybersecurity crisis. How did they pull it off? What does this mean for the future of bitcoin? Let’s break it down. https://www.dhirubhai.net/pulse/bybits-15b-heist-bitcoin-manifesto-against-crypto-sooly-kobayashi-hvxde
Managing Director at AL-KHAN STEEL & BUILDING MATERIALS CO F.Z.C UAE
6 days ago: Very informative, thanks for sharing.
Operations Lead @ CyVers | Sales & Business Operations
6 days ago: Could this attack have been prevented? Yes! How? With CyVers' Real-Time Transaction Firewall. We're talking about 100% prevention potential here. DM for details.