The cryptocurrency industry handles billions of dollars in transactions. Exchanges offer access to hundreds of different cryptocurrencies from a single place, something that users take advantage of mainly for trading. Bybit is one of the most well-known crypto exchanges, but it seems that someone inside has made a huge mistake. Bybit has suffered a huge crypto heist valued at $1.5 billion dollars.
This is the first crypto exchange heist worth over a billion dollars. Previous cases, such as Poly Network in 2021 and Binance in 2022, reached the equivalent of $611 million and $570 million, respectively. The Bybit breach becomes the largest theft ever made from a crypto platform — so far.
Somehow, the attackers managed to breach Bybit’s cold wallet. A cold wallet is generally safer, but it also requires you to be responsible for your credentials. If someone has access to your keys, they will have access to your cryptos and can immediately move them anywhere they want. Hot wallets, on the other hand, store your credentials on online servers, which could be exposed to potential attacks.
Exchanges are hot wallet tech for users. However, they in turn store funds in cold wallets — offline — to keep them safe. Anyway, someone has gained access to the private keys of a Bybit cold wallet, stealing the equivalent of $1.5 billion in Ethereum (ETH).
According to investigations, the stolen funds were quickly transferred and divided between multiple crypto platforms. Elliptic and Arkham Intelligence, a pair of blockchain analysis firms, have been following the trail of the funds. Elliptic linked the attack to North Korea’s Lazarus Group, which has been operating since 2017. The group gained notoriety after stealing $200 million worth of bitcoin from four South Korean exchanges. By the way, North Korea’s role is quite prominent when it comes to thefts from crypto platforms.
That said, the Bybit team has responded to the situation calmly. “Please rest assured that all other cold wallets are secure,” said Ben Zhou, CEO of Bybit, on X/Twitter. The company has not limited user withdrawals either. Still, as is normal after a breach like this, many responded by withdrawing their funds from the platform for fear of losing them.
Bybit wants to provide security to its wide user base. In line with this, they have requested a loan that will allow them to cover potential irrecoverable losses on the platform. So, at least for now, no one should fear the loss of their crypto assets.
Meanwhile, the matter remains under investigation. “We’ve labeled the thief’s addresses in our software, to help prevent these funds from being cashed-out through any other exchanges,” said Tom Robinson, chief scientist at Elliptic.
