Bybit
HackedExchange · born 2018 · ✝ 2025
The largest crypto theft in history — $1.5B gone in one signature.
Bybit was the world's second-largest crypto exchange when, on February 21, 2025, North Korea's Lazarus Group stole ~$1.5B in ETH during a routine cold-to-hot wallet transfer. The exchange survived by securing emergency liquidity.
- Peak
- $1.5B stolen (single heist)
- Cause
- Hacked
- Year of death
- 2025
☠️ Cause of death
Attackers compromised Safe Wallet's frontend, swapping the transaction Bybit's CEO thought he was signing. Despite multisig and cold-storage practices, a malicious UI redirect sent 401,000 ETH to Lazarus-controlled addresses.
📓 Lessons left behind
- —What you see on screen is not what you sign — verify on a second device.
- —Third-party wallet software is part of your attack surface.
- —Even bulletproof custody fails if one signer trusts a poisoned interface.
🌱 The idea that survived
Air-gapped signing & open-source UIs
Exchanges rushed to independent transaction verification, custom signing stacks, and reduced reliance on third-party wallet frontends.
#exchange#lazarus#safe-wallet#record-heist