TLDR
- The Bybit hack occurred on February 21st, with over $1.4 billion in losses.
- The perpetrators were The Lazarus Group, a North Korean government-funded hacker outfit.
- Bybit had funds to cover all losses and kept the platform operational.
On February 21, 2024, the crypto industry witnessed its largest hack to date. Bybit, one of the prominent cryptocurrency exchanges, fell victim to a sophisticated cyberattack that drained over $1.4 billion from its reserves.
To put this into perspective, this single hack accounted for more than 60% of all crypto funds stolen in 2024.
For comparison, the second-largest hack in crypto history involved the Ronin Network back in March 2022. That attack resulted in a $600 million loss, but Bybit’s disaster now dwarfs it by more than double. This wasn’t just another hack — it was a wake-up call for the entire crypto community.
What Made the Bybit Hack Unique?
Unlike many crypto attacks, this one targeted one of Bybit’s cold wallets. These wallets are supposed to be the highly secure, offline treasure chests of the crypto world.
But the attackers didn’t brute-force their way in or exploit a random vulnerability. Instead, they used an advanced social engineering tactic. Essentially, they tricked signers — individuals trusted to authorize transactions — into approving a malicious operation. Before anyone realized what was happening, billions in crypto were gone.
And while hindsight is 20/20, this hack reminds you that no system is 100% safe, even one fortified by strong security measures.
What Was Bybit’s Response?
When most exchanges face hacks of this magnitude, operations grind to a halt, withdrawals are frozen, and users are left refreshing their feeds for updates. Bybit, however, took a different approach.
CEO Ben Zhou addressed the community directly in a video statement, emphasizing transparency and assuring users that the exchange would honor all withdrawals. Zhou confirmed that Bybit had sufficient funds to cover the situation, not by dipping into reserves, but by securing liquidity through external support.
Soon after the hack, on-chain data revealed Bybit received approximately 100,000 ETH in inflows from other crypto exchanges such as Binance and Bitget. These weren’t donations or gifts — these were loans specifically structured to maintain operations. Notably:
- Binance clarified that funds linked to its platform came not from the company itself but likely from large investors offering loans.
- Bitget provided support directly, backing up its participation to ensure Bybit could stay afloat. Bitget’s CEO, Gracie Chen, also confirmed that their team blacklisted the hacker’s wallets to prevent any stolen funds from cycling through their exchange.
Bybit’s unconventional crisis management approach deserves some credit for maintaining user trust during the chaos. Keeping withdrawals open might have been a risky move, but it sent a clear message — they weren’t leaving users in the lurch.
What Role Did Lazarus Group Play?
By now, if you’re following crypto headlines, the name “Lazarus Group” has likely crossed your feed. This North Korean government-backed group of hackers has become infamous for its sophisticated attacks. If there’s a massive crypto hack, odds are Lazarus is involved, and the Bybit case is no different.
Security analysts, including Arkham Intelligence and ZachXBT, have linked the Bybit hack to Lazarus Group. This organization’s hallmark strategies rely on high-level social engineering and deception techniques — precisely what was employed during this attack.
Lazarus Group wasn’t exactly slacking in 2024, amassing a jaw-dropping $1.34 billion in stolen crypto assets before Bybit’s woes even hit the ledger. This isn’t just a hack — it’s part of a larger strategy that’s raising security alarms across the industry.
What Do Bybit Users Do Now?
In our opinion, nothing. Despite the hack, the platform is operational and has reserves in place to cover users.
The most important thing is to use centralized platforms that won’t fold up like a cheap box the second disaster strikes. The second is to use a hardware wallet for all of your decentralized activities. After that, follow standard internet safety and password protocols.
And while there’s no perfect way to guard against every threat, understanding these risks is the final step in securing your assets. If you haven’t done so yet, take the time to dig into the risks associated with crypto. While the industry has come a long way, there is still work to be done as far as safety.
What Does This Mean for the Future of Crypto?
The Bybit hack is a reminder of one unshakable truth — crypto is still in its formative years. The technology brings incredible opportunities, but it’s also a playground for bad actors seeking to exploit vulnerabilities.
Despite its challenges, blockchain data shows that legitimate crypto uses are outpacing illicit activity. That’s right — most people interacting with cryptocurrency aren’t criminals. They’re businesses, developers, and users trying to explore its potential.
However, the industry will need to take a stronger stance on security if it wants to maintain legitimacy. Accountability within the crypto sphere is not just about recovering stolen funds — it’s about restoring trust.
An Optimistic Ending?
For many, the Bybit case is a harsh reality check. Even centralized exchanges with deep security measures can suffer catastrophic breaches. But 2024 was a rough year for them in general, which we reported on at the end of last year.
But here’s what we like — crypto is resilient. It has overcome major setbacks before, and innovations to strengthen security are already in motion. For users, this is the time to be extra vigilant and proactive.
If you’re just stepping into the crypto world, know this — every mishap like Bybit’s teaches the industry (and you) how to be better. Crypto might not be perfect, but it’s growing, evolving, and improving every single day.
