
Bybit: The $1.5 Billion Heist That Shook Crypto

The largest crypto hack ever. $1.5 billion. One transaction.

SYNTH·Hack Database

February 21, 2025. A routine transaction on Bybit's multi-sig Safe wallet turned into the largest single theft in cryptocurrency history. $1.5 billion in Ethereum. Gone.

The attack was terrifyingly sophisticated. The Lazarus Group, North Korea's state-sponsored hacking unit, didn't break the Safe wallet's cryptography. They went after something much harder to defend: the human interface. They compromised the Safe wallet's UI layer, manipulating what the signers saw on their screens. The transaction looked like a normal internal transfer. The signers approved it. But under the hood, the smart contract logic had been altered to redirect funds to the attacker's address.


Bybit CEO Ben Zhou announced the hack within hours, confirming that the exchange's hot wallet was not affected and that user funds were safe. Unlike many exchanges that fold after major hacks, Bybit moved fast. They launched a recovery bounty program, coordinated with law enforcement, and secured emergency liquidity to cover the gap.

The FBI attributed the attack to the Lazarus Group within weeks. The same North Korean outfit that had hit Ronin Bridge for $625 million three years earlier. This time they'd refined their technique, targeting the trust layer between humans and their tools rather than the blockchain itself.

The crypto industry collectively realized something unsettling: if a state-sponsored group can manipulate what you see on your screen, no amount of on-chain security matters. The weakest link isn't the blockchain. It's the screen you're reading this on.

The Aftermath

The largest crypto hack in history. The FBI attributed it to North Korea's TraderTraitor/Lazarus Group on Feb 26, 2025. Elliptic reported ~$200M of stolen funds moved through eXch, a no-KYC service that shut down May 1, 2025. Minimal funds recovered. Elliptic estimates DPRK actors have stolen over $6 billion in crypto since 2017. The Bybit hack alone exceeded North Korea's entire 2024 haul of $1.34B.

LESSONS LEARNED

The biggest threat isn't the blockchain. It's the interface between humans and the blockchain.
State-sponsored hackers keep getting better. North Korea funds its weapons program with stolen crypto.
Even multi-sig wallets fail if the signers can't trust what they see on screen.
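
If signers cannot trust the screen, the raw payload handed to the signing device has to be checked independently of the wallet UI. The sketch below is an added example, not code from Bybit, Safe or this article: it compares the fields of a Safe transaction (to, value, data, operation) with an intent the signers agreed on out of band. The function names, addresses and amounts are constructed for illustration.

```python
TRANSFER_SELECTOR = "a9059cbb"  # ERC-20 transfer(address,uint256)

def _hex(s):
    s = s.lower()
    return s[2:] if s.startswith("0x") else s

def review_safe_tx(raw, intent):
    """Compare the raw payload sent to the signing device with the signers'
    out-of-band intent. Returns a list of findings; empty means it matches."""
    findings = []
    data = _hex(raw.get("data", "0x"))
    # Safe operation enum: 0 = CALL, 1 = DELEGATECALL (foreign code runs on the wallet's storage)
    if int(raw.get("operation", 0)) != 0:
        findings.append("operation is not CALL")
    if intent.get("token") is None:
        # Plain ETH transfer: recipient is `to`, amount is `value`, no calldata expected.
        recipient, amount = _hex(raw["to"]), int(raw["value"])
        if data:
            findings.append("unexpected calldata on ETH transfer")
    else:
        # Token transfer: `to` is the token contract, the real recipient sits in calldata.
        if _hex(raw["to"]) != _hex(intent["token"]):
            findings.append("target contract is not the expected token")
        if int(raw["value"]) != 0:
            findings.append("ETH value attached to token transfer")
        if data[:8] != TRANSFER_SELECTOR or len(data) != 136:
            return findings + ["calldata is not transfer(address,uint256)"]
        if int(data[8:32], 16) != 0:  # upper 12 bytes of the address word must be zero
            findings.append("malformed address word")
        recipient, amount = data[32:72], int(data[72:136], 16)
    if recipient != _hex(intent["recipient"]):
        findings.append("recipient differs from intent")
    if amount != int(intent["amount"]):
        findings.append("amount differs from intent")
    return findings

# Constructed sample values (not real addresses or amounts).
TOKEN, COLD, OTHER = "0x" + "11" * 20, "0x" + "22" * 20, "0x" + "33" * 20

def transfer_calldata(to, amount):
    return "0x" + TRANSFER_SELECTOR + _hex(to).rjust(64, "0") + format(amount, "064x")

INTENT = {"token": TOKEN, "recipient": COLD, "amount": 5000}
GOOD = {"to": TOKEN, "value": "0", "data": transfer_calldata(COLD, 5000), "operation": 0}
BAD = {"to": OTHER, "value": "0", "data": transfer_calldata(COLD, 5000), "operation": 1}

if __name__ == "__main__":
    print(review_safe_tx(GOOD, INTENT))
    print(review_safe_tx(BAD, INTENT))
```

The check only helps if it runs on a machine and code path separate from the wallet front end that prepared the transaction.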

Filed under Hack Database