$1.46 Billion Stolen! The Biggest Hack in Crypto History

On Friday, Bybit announced on X.com there had been ‘unauthorised activity’ on its Ethereum (ETH) cold wallet. The result was the hacker making off with approximately 401,347 ETH, valued at around $1.46 billion. That makes it the biggest crypto heist in history.

Author

Adam Atlantic
February 24, 2025 • Estimated Reading Time: 6 minutes

I had plans to show you how to easily set up a regular Bitcoin buying plan today…

That changed over the weekend when the largest heist in crypto history took place. So, I’ll show you all about a regular Bitcoin buying plan tomorrow.

Today, we must look at what happened when North Korean hackers took control of the Bybit exchange and drained $1.46 billion of Ethereum (ETH).

Wind it Back to the Start

On Friday, Bybit announced on X.com there had been ‘unauthorised activity’ on its Ethereum (ETH) cold wallet. In short, their ETH wallet had been hacked.

The result was the hacker making off with approximately 401,347 ETH, valued at around $1.46 billion.[1] That makes it the biggest crypto heist in history.

Source: Bybit via X.com

Within the hour of the attack, CEO Ben Zhou, was hosting a livestream to explain what happened, what was going on, and to reassure the market the exchange was solvent and could cover the loss thanks to customer assets being 1-to-1 backed.

The attack was first flagged by renowned blockchain investigator ZachXBT, who has uncovered multiple large scams and attacks in the crypto industry over the years.

During his investigations, tracking of the attack, and following the movement of the ETH onchain, ZachXBT was able to definitively prove by the end of the weekend, the Lazarus Group was responsible for the attack.[2]

Who is the Lazarus Group

The Lazarus Group are North Korea’s own elite hacking team. They are a well-funded, highly organised group that has been responsible for some giant attacks over the years.

A couple you may remember were the huge attack on Sony in 2014. They stole a huge amount of data from Sony, information on new release films, sensitive internal information and employee information.

Lazarus Group is also believed to have been behind the ‘WannaCry’ global ransomware outbreak in 2017. That spread to over 150 countries and impacted critical infrastructure like the UK’s National Health Service (NHS). Ambulances were cancelled, surgeries cancelled, all in all it’s believed the cost to the NHS was over $116 million.[3]

Source: NBC News[4] 

Off the back of the attack, Ethereum’s price dropped around 6% but had recovered by Monday. There appears to be no reverberations from this and the market seems to have taken it in its stride.

That’s good. That’s a market that screams to me that it’s on the verge of a massive run higher. Had we been at the start of a new ‘crypto winter’ I would have expected this to send the whole crypto market lower.

A Fast (and Unexpected) Reminder

Afterwards, Bybit had to deal with a massive surge in withdrawal requests. They were able to meet them all and had resumed normal operations by Monday.

The wider industry was able to black flag the Ethereum wallets that received the ETH, meaning Lazarus Group can’t launder the ETH through exchanges. Ongoing tracking of the ETH is also taking place.

But the ETH is gone. Solutions to the problem are being considered, such as ‘rolling back’ the network to before the attack.

Whether that’s a feasible outcome, time will tell. However, it’s clear that as the market grows bigger, exchanges will continue to be a target from groups like Lazarus.

This is a very fast and unexpected reminder of something I wrote to you about just 12 days ago when we looked at the strange movements at Binance, saying (added emphasis),

What this is all a stark reminder of is to not keep your assets on any exchange long term.

Sure Binance is big, but can you say you trust it unconditionally?

I can’t. I never would. And I would say the same thing for other exchanges like Coinbase, Kraken, OKEx or any other third-party exchange.

You never really know how these things are run (as FTX clearly showed everyone). And you never have the same kinds of protections you typically get with traditional finance.

My view is that it’s always wise to store your crypto in a wallet, or hardware device that you and only you control.

I had no idea the biggest exchange hack in history would come so quickly.

But if you’re got crypto on any exchange that you’re holding long term, get it into self-custody. Remember as we said 12 days ago, not your keys, not your crypto.

Trust in crypto,
Adam Atlantic