Bybit Exchange hit by security incident, loses $1.4 Billion causing Ethereum price drop

Cryptocurrency platform Bybit Exchange was hit by a severe security breach on February 22, 2025, resulting in the theft of approximately $1.4 billion in Ethereum-based tokens. The incident occurred during what was intended to be a routine transfer between the exchange's wallets, specifically during an attempted transfer from their ETH multisig cold wallet to their warm wallet.

The attackers managed to manipulate the signing interface during a planned wallet transfer, masking their true intentions while modifying the underlying smart contract logic. While Bybit's team believed they were authorizing a standard transfer, they were unknowingly approving a transaction that altered their cold wallet's smart contract, ultimately enabling the unauthorized withdrawal of funds. The stolen assets included:

• Liquid-staked Ether (stETH)
• Mantle Staked ETH (mETH)
• Various other ERC-20 tokens

The impact of the breach extended beyond Bybit itself, triggering market volatility in the cryptocurrency sector. Ethereum's price declined by 2% to $2,685, while Bitcoin experienced a drop of over 1% to $96,632. The exchange reported transaction volumes surging to 100 times their normal levels, causing processing delays, particularly for large withdrawals.

In response to the incident, Bybit CEO Ben Zhou announced that rather than immediately purchasing ETH to cover the losses, the exchange would work with partners to secure bridge loans. The exchange claims that other cold wallets remain secure and withdrawals are continuing to function normally.

Blockchain security firm SlowMist has noted similarities between this attack and a previous hack of Radiant Capital, which was attributed to North Korean hackers.

Crypto investigator ZachXBT claims that the Bybit attack was performed by the North Korean Lazarus Group. Arkham reports that ZachXBT submitted "definitive proof" that linked this recent exploitation to the Lazarus Group.