On February 21, 2025, a potential record-breaking crypto hack sent shock waves in the cryptocurrency community. Crypto platform Bybit in Dubai announced a devastating security breach in which hackers had stolen about $1.5 billion worth of Ethereum (ETH) from a cold wallet. Here’s a detailed timeline of the Bybit hack.
Timeline of the Bybit Hack
February 21, 2025: The Hack Unfolds
The Bybit hack began early this morning when hackers broke into Bybit’s “cold wallet”—a super-secure, offline digital safe meant to protect customer funds. During a routine move of money to a “warm wallet” for trading, malware tricked Bybit’s system. It made employees think they were approving a normal transfer, but the hackers changed the smart contract behind the scenes, stealing about $1.46 billion in ETH and sending it to unknown addresses. Bybit quickly shared the news on X, admitting the huge loss but promising they could still pay everyone back.
February 21, 2025: Arkham Confirms Outflows and Identifies Culprits
Within hours, blockchain detectives at Arkham Intelligence had already established that around $1.4 billion had been stolen and was already being laundered into new accounts to be sold or covered up. Arkham even issued a reward to identify who was behind it, and by afternoon, a crypto detective by the name of ZachXBT tracked blockchain trails to implicate North Korea’s Lazarus Group—a infamous hacking collective. This rapid detective work showed just how powerful blockchain tracking can be and how sneaky attackers can be.
February 22, 2025: Bybit Fights Back with Withdrawals and Solvency
By the next day, Bybit’s CEO, Ben Zhu, worked hard to calm everyone down. They told customers their money was safe and handled over 580,000 withdrawal requests, proving the exchange could still let people take their money out. Bybit borrowed money and got big deposits from rich investors to refill their reserves within 72 hours, keeping things running smoothly.
February 23, 2025: Elliptic Suggests North Korean Involvement
Another company, Elliptic, said the way the stolen money was being moved looked a lot like tricks used by North Korean hackers. They noticed the hackers were quickly turning the Ethereum into Bitcoin and spreading it out to hide it.
February 24, 2025: Bybit Launches Recovery Bounty Program
Bybit launched a “recovery bounty program” on X, offering up to 10% of any stolen money they get back as a reward for anyone who helps track or freeze the funds. They teamed up with companies like Chainalysis, Elliptic, and Safe (who made their wallet) to fix security problems and chase the money. This teamwork showed how important it is for the crypto world to work together during a crisis.
February 25, 2025: FBI Confirms North Korea’s Role
The FBI agreed with the earlier suspicions, announcing that North Korea’s Lazarus Group was behind the hack. This group is famous for stealing crypto to help fund North Korea’s government, dodging international rules.
February 26, 2025: TRM Labs and Chainalysis Detail North Korean Tactics
More reports from TRM Labs and Chainalysis explained how North Korea often targets crypto exchanges and uses complicated moves to hide stolen money across different blockchains. They said this hack was part of a bigger pattern of North Korea stealing billions in crypto over the years.
February 27, 2025: Supply Chain Attack Revealed
A news site called The Hacker News shared that the hack happened because of a “supply chain attack” on Safe{Wallet}—meaning the hackers got into Bybit through a weak spot in Safe’s system, not just Bybit’s own security. This made it clear how risky these connected systems can be.
March 4, 2025: Hackers Fully Launder Stolen Funds
News from Cointelegraph said the hackers had fully laundered the stolen $1.4 billion. They used a service called THORChain to turn most of the Ethereum into Bitcoin and spread it across 6,954 wallets, making it almost impossible to follow. This move created over $5.5 billion in transactions on THORChain, earning the platform $5.5 million in fees, and raised big questions about whether DeFi tools are helping bad guys.
Bybit’s Ongoing Battle and What It Means for Crypto
As of March 7, 2025, Bybit is still fighting to recover. They’ve praised CEO Ben Zhu on X for leading through this tough time, but with the money fully laundered, it’s really hard to get any of it back. So far, 11 groups, including Mantle, Paraswap, and ZachXBT, have helped freeze $42 million of the stolen funds, earning $2.1 million in rewards. But most of the $1.5 billion is still gone, showing how tricky it is to stop these kinds of attacks once they happen.
This hack has sent shock waves throughout the crypto community. It shows how vulnerable it can be to leave funds in exchanges, even exchanges as reputable as Bybit. It also points to North Korea as a focus country behind hacking, stealing cryptocurrency to support it. Now, governments, crypto companies, and DeFi platforms are talking about tighter security regulations, better monitoring tools, and cooperation to stop hackers like Lazarus.
Conclusion
For Bybit, it’s a question of rebuilding trust. They have been communicative and honest, and that’s a bonus, but they’ll have to offer longer-term security updates to win back customers. For everyone else in crypto, it’s a wake-up call to get safer and wiser in the face of expanding threats.
In the ultimate reckoning, Bybit’s hack in February 2025 serves as a turning-point in digital money. It shows us both the wondrous potential and ghastly risks of crypto and challenges everyone to do better to make it secure.
Find more articles on the MevX Blog!
