Date: 2025-02-27

The crypto world was rocked last week by the biggest hack in history—$1.4 billion stolen from Bybit, one of the largest centralized exchanges. After several days of speculation, cybersecurity experts have finally pieced together how it all went down—and surprisingly, Bybit wasn’t to blame.

The attackers exploited Safe, a crypto wallet provider known for its security. The breach shows just how far hackers—especially North Korean groups—will go to pull off these high-stakes heists.

How the Bybit Hack Happened

On February 23, 2025, Bybit confirmed that $1.4 billion worth of Ethereum and other tokens had been drained from its wallets. Initially, fingers were pointed at Bybit’s internal security. But independent audits by cybersecurity firms Verichains and Sygnia Labs shifted the spotlight to Safe.

Safe, which manages multi-signature crypto wallets, had its infrastructure compromised. Hackers slipped malicious JavaScript code into Safe’s online system hosted on Amazon Web Services (AWS). The code sat silently, waiting for a specific trigger: Bybit’s contract address. Two days later, when Bybit interacted with Safe, the trap was sprung, and the hackers drained the funds in minutes.
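
Added example, not code from Safe, Bybit or the audit firms: because the injected script stayed dormant until it saw one specific contract address, testing the site's behaviour would not have revealed it, but any change to the served bytes changes a content hash. The sketch pins SHA-384 digests of a trusted build and audits what is actually being served; the file names, file contents and function names are constructed for illustration.

```javascript
// Added example: integrity audit of served front-end assets (all data constructed).
const { createHash } = require("node:crypto");

// Subresource-Integrity style digest: "sha384-" + base64(SHA-384(bytes)).
function sriDigest(content) {
  return "sha384-" + createHash("sha384").update(content).digest("base64");
}

// Pin every asset produced by a trusted build as { path: digest }.
function buildManifest(buildOutput) {
  return Object.fromEntries(
    Object.entries(buildOutput).map(([path, content]) => [path, sriDigest(content)])
  );
}

// Compare what the hosting bucket serves against the pinned manifest.
function auditDeployment(manifest, served) {
  const findings = [];
  for (const [path, expected] of Object.entries(manifest)) {
    if (!Object.hasOwn(served, path)) {
      findings.push({ path, status: "missing" });
    } else if (sriDigest(served[path]) !== expected) {
      findings.push({ path, status: "modified" });
    }
  }
  for (const path of Object.keys(served)) {
    if (!Object.hasOwn(manifest, path)) findings.push({ path, status: "unexpected" });
  }
  return findings;
}

// Constructed sample: trusted build output versus what is served later.
const trustedBuild = {
  "static/app.js": "export function sign(tx) { return wallet.sign(tx); }\n",
  "static/vendor.js": "export const version = '1.0.0';\n",
};
const servedNow = {
  // Behaves the same for most visitors, but the bytes differ from the build.
  "static/app.js": trustedBuild["static/app.js"] + "/* bytes added after build */\n",
  "static/vendor.js": trustedBuild["static/vendor.js"],
  "static/extra.js": "/* file that no build produced */\n",
};

const manifest = buildManifest(trustedBuild);
const findings = auditDeployment(manifest, servedNow);
console.log(findings);
```

The pinned manifest has to be stored and checked outside the hosting account, since whoever can overwrite the served files could otherwise overwrite the manifest as well.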

Who Did It?

All signs point to the Lazarus Group—North Korea’s notorious hacking collective. They’re the same group behind previous massive crypto thefts, including the $620 million Ronin Network hack in 2022. This latest breach shows that Lazarus is more sophisticated than ever.

This breach shows how advanced North Korean cyber operations have become. They’re operating at a level far beyond what most of the industry can defend against.

-Taylor Monahan, an expert on crypto hacks

How Bybit Responded

Bybit acted fast, moving the majority of its remaining funds out of Safe’s wallets. The company insists its internal systems were never compromised, reassuring users that “Bybit is and remains 100% secure.”

To recover the stolen funds, Bybit has launched a bounty program offering up to $140 million to anyone with information on the hackers. They’ve also set up a public dashboard where users can track the investigation and report tips.

What About Safe?

Safe admitted that one of its developer machines was compromised but denied that its smart contracts or front-end code had any vulnerabilities. The company claims it has since rebuilt its infrastructure and changed all credentials. But for many in the crypto community, the damage is already done.

The Bigger Picture

The Bybit hack is a wake-up call for the entire crypto industry. North Korean hackers have been exploiting crypto platforms for years, yet many companies still aren’t taking security seriously enough.

Crypto platforms need to rethink their security strategies—whether that means decentralizing infrastructure, conducting regular security audits, or collaborating more with cybersecurity firms.

Conclusion

The Bybit hack shows how vulnerable even the biggest players in crypto can be. As North Korean hackers refine their techniques, the industry needs to step up its defenses. Bybit’s quick response might have minimized the damage, but the breach exposed cracks that need urgent fixing.

This heist should serve as a warning: no system is impenetrable. The crypto world must take security more seriously—or risk becoming a playground for state-sponsored cybercrime.