The cryptocurrency industry was shaken when Bybit, one of the leading crypto exchanges, reported a massive security breach that resulted in the theft of approximately $1.46 billion in digital assets. Initially, details surrounding the attack were scarce, with Bybit confirming that a cold Ethereum wallet had been compromised. However, the perpetrators have since been identified.
According to the latest findings, the North Korean hacking collective Lazarus Group is behind the Bybit hack. This group, known for its previous cyberattacks on financial institutions and crypto platforms, has been implicated in multiple high-profile thefts, including:
The breakthrough in the investigation came from on-chain detective ZachXBT, a well-known figure in blockchain forensics. On February 21, 2025, at 19:09 UTC, ZachXBT submitted a detailed report proving Lazarus Group’s involvement. His findings included:
This evidence was shared with Bybit’s security team, strengthening their ongoing investigation and potential legal action.
Investigators believe the hackers executed the attack by manipulating a routine transfer between Bybit’s cold wallet and hot wallet. The attack involved:
Despite the staggering loss, Bybit’s CEO reassured users that all funds are backed 1:1, and customer withdrawals remain unaffected. The exchange has since:
The Bybit hack is a reminder of ongoing security risks in the crypto space. The involvement of Lazarus Group, which allegedly funds North Korea’s nuclear program through cyber thefts, raises serious concerns for regulators and exchanges.
Moving forward, exchanges and investors must:
With the Lazarus Group now confirmed as the mastermind behind the Bybit hack, the focus shifts to fund recovery and preventive measures. The work of ZachXBT and other blockchain investigators highlights how forensic analysis can expose even the most sophisticated cybercriminals.
The crypto industry will undoubtedly tighten its defenses, but this attack proves that no exchange is completely immune. As investigations continue, Bybit and the broader crypto ecosystem must adapt and fortify their security frameworks against future threats.