Cryptocurrency exchange Bybit suffers largest-ever theft of $1.46 billion, offering 10% reward for help in recovering funds

A theft of $1.46 billion worth of cryptocurrency occurred at Dubai-based cryptocurrency exchange Bybit. Blockchain analysis company Elliptic has pointed out that the theft was the work of North Korean threat actor Lazarus Group.

Bybit detected activity one of our ETH cold wallets. The incident occurred when our ETH multisig cold wallet executed a transfer to our warm wallet. Unfortunately, this transaction was manipulated through a sophisticated attack that masked the signing…

— Bybit (@Bybit_Official)

February 21, 2025

The Largest Theft in History - Following the Money Trail from the Bybit Hack
https://www.elliptic.co/blog/bybit-hack-largest-in-history

According to Bybit, the security features of the Ethereum wallet were exploited, and the cryptocurrency stored there was transferred to an unknown address. The amount stolen was equivalent to $1.46 billion, which is equivalent to approximately 225 billion yen in Japanese yen.

The largest case of cryptocurrency theft was in 2021, when the cryptocurrency platform 'Poly Network' was hacked, resulting in the theft of $611 million, or over 60 billion yen at the time, but the amount of damage this time is more than twice that.

Over 60 billion yen worth of virtual currency stolen in hacking incident - GIGAZINE

In the Poly Network case, the hackers began returning the funds the day after the theft, and completed the full amount about two weeks later.

Bybit is the world's second largest cryptocurrency exchange by trading volume, with 60 million users worldwide. Founder and CEO Ben Chou explained that 'Even if the losses from this theft are not recovered, Bybit has the ability to pay and all customer assets are backed up one-to-one, so we can cover the losses.' However, he said that withdrawal requests are increasing.

Bybit is offering a reward of 10% of the stolen amount to experts seeking their help in recovering the funds.

British blockchain analysis company Elliptic has named the North Korean threat actor 'Lazarus Group' as the perpetrator of the theft. According to Elliptic, the Lazarus Group's money laundering method involves immediately exchanging the stolen tokens for native blockchain assets such as Ethereum and Bitcoin to avoid freezing them, and then 'layering' the stolen assets to hide the traces of the transaction.

In this theft, Ethereum tokens such as stETH and cmETH were stolen and immediately exchanged for Ethereum, suggesting they are in the middle of the layering process.

According to Elliptic's analysis, the stolen assets were sent to 50 different wallets in approximately 10,000 ETH each within two hours of the theft. As of 9:00 p.m. on Monday, February 24th (Japan time), 14.5% of the stolen assets, or the equivalent of $195 million (approximately 29.2 billion yen), had already been moved from the wallets.

The Lazarus Group is said to be one of the most sophisticated and well-resourced groups involved in laundering cryptocurrencies, and is constantly improving its techniques to avoid the identification and seizure of its stolen assets.

Elliptic reports that it began working with Bybit and others to trace the funds within minutes of the theft and is working around the clock to ensure that North Korea does not profit from it.