In a significant security breach on February 21, 2025, cryptocurrency exchange Bybit suffered the theft of approximately $1.4 billion in Ethereum (ETH).

The attack has been attributed to the notorious North Korean hacking group, Lazarus Group, known for orchestrating large-scale cryptocurrency heists.

Link to Previous Phemex Hack

Further investigations have revealed that the same wallets involved in the Bybit hack were also linked to a $29 million theft from crypto exchange Phemex in January 2025. This connection was established through on-chain data analysis, indicating that the Lazarus Group was behind both attacks.

Modus Operandi

The hackers employed a deceptive transaction that manipulated the logic of a smart contract, enabling them to bypass Bybit's multi-signature (multi-sig) security measures. This sophisticated method allowed unauthorized access to the exchange's cold wallet, leading to the substantial loss of funds.

Industry Response

In the wake of the hack, Bybit experienced a surge in withdrawal requests, commonly referred to as a "bank run," as users hurried to secure their assets. To support Bybit during this crisis, fellow cryptocurrency exchange Bitget transferred 40,000 ETH (approximately $105 million) from its reserves to help maintain liquidity. Additionally, Bitget has blocked the wallets associated with the hackers and is closely monitoring their activities.

Implications for the Crypto Community

This incident underscores the persistent threats posed by sophisticated hacking groups like the Lazarus Group to the cryptocurrency industry. It highlights the necessity for exchanges to continually enhance their security protocols and for users to remain vigilant in protecting their digital assets.

As the situation develops, the crypto community is closely monitoring for further updates and potential measures to prevent such breaches in the future.

Comments (0)