- Lazarus Group stole $1.4B ETH from Bybit’s cold wallet on Feb. 21, 2025.
- Bybit’s reserves hold $3B USDT, $1.2B ETH, $6.71B BTC post-$1.4B hack.
- Binance, Bitget sent 100,000 ETH to aid Bybit after the record-breaking theft
Cryptocurrency exchange Bybit faced a historical security attack on February 21, 2025. Lazarus Group, with ties to North Korea, stole $1.4 billion in Ethereum (ETH) funds stored in the platform’s cold wallet. CEO Ben Zhou from Bybit confirmed that the hackers focused their attack on an isolated ETH cold storage wallet, but internal systems remained secure. The exchange operated normally and supported withdrawals during the crisis period.
Industry experts and on-chain analysts quickly traced the theft to Lazarus Group, known for previous high-profile crypto heists. ZachXBT, a crypto investigator, connected the exploit to earlier attacks on Phemex and BingX, earning a 50,000 ARKM token bounty from Arkham Intelligence.
Bybit’s decision to keep withdrawals open, backed by sufficient reserves, contrasts with typical post-hack responses. Zhou noted that the platform holds $3 billion in USDT, $1.2 billion in ETH, and $6.71 billion in BTC, ensuring liquidity.
Industry Leaders Respond to Bybit’s Hack
Binance founder Changpeng Zhao (CZ) addressed the hack on X, highlighting a troubling rise in crypto thefts. He commended Zhou for transparency and calm leadership, contrasting it with less open responses from FTX and WazirX CEOs during their breaches. CZ advised exchanges to halt withdrawals temporarily after attacks to investigate and secure systems. He cited Binance’s 2019 hack, where a week-long pause led to increased deposits afterward.
I do agree with CZ that if this hack was conducted through penetrating our internal systems such as any part of the withdraw system or one of our hot wallet was breached, we would've halted all withdraws until we find the root cause of the problem. In the case of yesterday, it… https://t.co/fxmGLbgOP7
— Ben Zhou (@benbybit) February 22, 2025
Zhou agreed with CZ’s security-focused approach but clarified why the crypto exchange avoided a withdrawal freeze. Since the breach did not compromise internal systems or hot wallets, the team saw no need to halt operations. Zhou expressed gratitude to Binance, Bitget, and other partners for offering immediate support. Notably, Binance and Bitget sent 100,000 ETH to bolster the crypto exchange’s liquidity, though CZ clarified these came from users or whales, not Binance itself.
Crypto Community Examines Security Trends
The Bybit hack underscores vulnerabilities in multi-signature cold storage, a method once considered secure. CZ noted that hackers manipulated the transaction interface, exposing flaws across different security providers. This pattern suggests Lazarus Group exploits systemic weaknesses, not just individual platforms. Bitget CEO Gracie Chen confirmed her exchange blacklisted the hackers’ wallets to prevent further illicit transactions.
The crypto exchange’s reserves faced pressure, dropping an overall $5.3 billion decline in total assets. However, auditor Hacken verified that user funds remain fully backed. Zhou emphasized industry solidarity, stating that support from peers strengthens it’s recovery outlook. The incident prompts renewed focus on enhancing crypto exchange security as threats grow more sophisticated.
