

On the night of February 21, Ben Zhou, the CEO of cryptocurrency exchange Bybit, logged on to his computer to approve what appeared to be a routine transaction. His company was moving a large amount of ether, a popular digital currency, from one account to another.
Thirty minutes later, Zhou got a call from Bybit’s chief financial officer. In a trembling voice, the executive told Zhou that their system had been hacked.
“All of the ethereum is gone,” he said.
When Zhou approved the transaction, he had inadvertently handed control of an account to hackers backed by the North Korean government, according to the FBI. They stole $1.5 billion in cryptocurrencies, the largest heist in the industry’s history.
To pull off the astonishing breach, the hackers exploited a simple flaw in Bybit’s security: its reliance on a free software product. They penetrated Bybit by manipulating a publicly available system that the exchange used to safeguard hundreds of millions of dollars in customer deposits. For years, Bybit had relied on the storage software, developed by a technology provider called Safe, even as other security firms sold more specialised tools for businesses.
The hack sent crypto markets into a free fall and undermined confidence in the industry at a crucial time. Under the crypto-friendly Trump administration, industry executives are lobbying for new US laws and regulations that would make it easier for people to pour their savings into digital currencies. On Friday, the White House is scheduled to host a “crypto summit” with President Donald Trump and top industry officials.
Crypto security experts said they were troubled by what the heist revealed about Bybit’s safety protocols. The losses were “completely preventable,” one security firm wrote in an analysis of the breach, arguing that it “should not have happened.”
Safe’s storage tool is widely used in the crypto industry. But it is better suited to crypto hobbyists than exchanges handling billions in customer deposits, said Charles Guillemet, an executive at Ledger, a French crypto security firm that offers a storage system designed for companies.
At Bybit, the hack set off a frantic 48 hours. The company oversees as much as $20 billion in customer deposits but did not have enough ether on hand to cover the losses from the $1.5 billion heist. Zhou, 38, raced to keep the business afloat by borrowing from other firms and drawing on corporate reserves to meet a surge of withdrawal requests. On social media, he seemed surprisingly relaxed, announcing a few hours after the theft that his stress levels were “not too bad.”
As the crisis unfolded, the price of bitcoin, a bellwether for the industry, plunged 20 per cent. It was the steepest drop since the 2022 failure of FTX, the exchange run by disgraced mogul Sam Bankman-Fried.
Rahul Rumalla, Safe’s chief product officer, said in a statement that his team had created new security features to protect users and that Safe’s products were “the treasury backbone for some of the largest organisations in the space.”
Founded in 2018, Bybit operates as a crypto marketplace, where day traders and professional investors can convert their dollars or euros into bitcoin and ether. Many investors treat exchanges like Bybit as informal banks, where they deposit crypto holdings for safekeeping.
By some estimates, Bybit is the world’s second-largest crypto exchange, processing tens of billions of dollars every day. Based in Dubai, United Arab Emirates, it does not offer services to customers in the United States.
On February 21, Zhou was at home in Singapore, finishing up some work, he said in the interview.
But first, he and two other executives needed to sign off on a transfer of cryptocurrencies from one account to another. These routine transfers are supposed to be secure: No single person at Bybit can execute them, creating multiple layers of protection from thieves.
Behind the scenes, however, a group of hackers had already broken into Safe’s system, according to Bybit’s audit of the hack. They had compromised a computer belonging to a Safe developer, a person with knowledge of the matter said, enabling them to plant malicious code to manipulate transactions.
A link sent via Safe invited Zhou to approve the transfer. It was a ruse. When he signed off, the hackers seized control of the account and stole $1.5 billion in crypto.
The sudden outflows showed up on the blockchain, a public ledger of crypto transactions. Crypto analysts quickly identified the culprit as the Lazarus Group, a hacking syndicate backed by the North Korean government.
To limit the damage, other crypto companies offered to help. Gracy Chen, the CEO of a rival exchange, Bitget, lent Bybit 40,000 in ether, or roughly $100 million, without requesting any interest or even collateral.
After looting Bybit, the North Korean hackers spread the stolen funds across a vast web of online crypto wallets, a money-laundering strategy they had also employed after other heists.
Zhou said he wished he had taken action sooner to bolster Bybit’s defences. “There’s a lot of regrets now,” he said. “I should have paid more attention on this area.”
Still, Bybit continued operating after the hack, processing all the withdrawals within 12 hours, Zhou said. Not long after the breach, he announced on X that the company was moving around another $3 billion in crypto.
“This is planned manoeuvre, FYI,” he wrote. “We are not hacked this time.” — The New York Times
Here are some of the other major thefts to have plagued the industry since bitcoin was born in 2008.
POLY NETWORK
Hackers stole around $610 million in August 2021 from Poly Network, a platform that facilitates peer-to-peer token transactions. The hackers behind the heist later returned nearly all of the stolen funds.
RONIN NETWORK
Hackers stole cryptocurrency worth — at the time of the hack — around $540 million from a blockchain project linked to the popular online game Axie Infinity in March 2022.
COINCHECK
In January 2018, hackers stole cryptocurrency then worth around $530 million from Tokyo-based exchange Coincheck.
MT GOX
In one of the earliest and most high-profile crypto hacks, bitcoin worth close to $500 million was stolen from the Mt Gox exchange in Tokyo between 2011 and 2014.
Mt Gox, which once handled 80 per cent of the world's bitcoin trade, filed for bankruptcy in early 2014 after the hack was revealed, with some 24,000 customers losing access to their funds.
WORMHOLE DeFi site
Wormhole was hit by a $320 million heist last month, with the hackers making off with 120,000 digital tokens connected to the second-largest cryptocurrency, ether.