On the night of February 21, Ben Zhou, the CEO of Exchange of Bybit Cryptocurrencies, accessed his computer to approve what seemed to be a routine transaction. His company was moving a large amount of Ether, a popular digital currency, from one account to another.
Thirty minutes later, Zhou received a call from Bybit’s chief financial officer. With a trembling voice, the executive informed Zhou that the system had been hacked.
“All Ethereum left,” he said.
When Zhou approved the transaction, he unknowingly delivered control of a hacker account supported by the FBI. They, the biggest theft in industry history.
Read more:
To make the impressive invasion, hackers explored a simple BYBIT security failure: their dependence on a free software product. They penetrated bybit by manipulating a publicly available system that Exchange used to protect hundreds of millions of dollars in customer deposits. For years, Bybit had trusted storage software developed by a technology supplier called Safe, even while other security companies sold more specialized business tools.
Continues after advertising
The hack has made cryptocurrency markets falling vertiginously and leaned confidence in the industry at a crucial time. Under the administration favorable to Trump cryptocurrencies, industry executives are lobbying for new US laws and regulations that would make it easier for people to invest their economies in digital currencies. This Friday (7), the White House is expected to host a “cryptocurrency dome” with President Donald Trump and important industry names.
Cryptocurrency security experts said they were concerned about what the theft revealed about Bybit’s security protocols. Losses were “completely avoidable,” a security company wrote in an invasion analysis, arguing that “this should not have happened.”
Safe storage tool is widely used in the cryptocurrency industry. But it is better for cryptocurrency enthusiasts than for exchanges that deal with billions in client deposits, said Charles Guillemet, a Ledger executive, a French cryptocurrency security company that offers a business storage system.
Continues after advertising
“This really needs to change,” he said. “It is not an acceptable situation in 2025.”
At Bybit, Hack triggered 48 frantic hours. The company supervises up to $ 20 billion in customer deposits, but did not have enough ether in hand to cover the $ 1.5 billion theft losses. Zhou, 38, ran to keep the business running, lending from other companies and using corporate reserves to meet an increase in withdrawal requests. On social networks, he seemed surprisingly relaxed, announcing a few hours after the theft his stress levels were “not very bad.”
As the crisis unfolded, the price of Bitcoin, an indicator of the industry, plummeted 20%. It was the biggest drop since FTX’s bankruptcy in 2022, the exchange directed by the magnate fallen in disgrace Sam Bankman-Fried.
Continues after advertising
In an interview this week, Zhou acknowledged that Bybit had notice about possible problems with Safe. Three or four months before Hack, he said, the company realized that the software was not fully compatible with one of its other security services.
“We should have done the update and away from Safe,” said Zhou. “We are definitely seeking to do this now.”
Rahul Rumalla, Safe Product Director, said in a statement that his team had created new security features to protect users and that Safe products were “the backbone of the treasure for some of the largest organizations in the sector.”
Continues after advertising
“Our job is not just to correct what happened,” said Rumalla, “but ensure that the whole industry learn from it, so that it doesn’t happen again.”
Founded in 2018, Bybit operates as a cryptocurrency market, where daily traders and professional investors can convert their dollars or euros to Bitcoin and Ether. Many investors treat exchanges like Bybit as informal banks, where they deposit their safety cryptocurrencies.
According to some estimates, Bybit is the second largest cryptocurrency exchange in the world, processing tens of billions of dollars every day. Headquartered in Dubai, United Arab Emirates, does not offer customer services in the United States.
On February 21, Zhou was at home in Singapore, ending some work, he said in the interview.
But first, he and two other executives needed to approve a cryptocurrency transfer from one account to another. These routine transfers should be safe: no one person on bybit can run them, creating multiple layers of thieves protection.
Behind the scenes, however, a group of hackers had already invaded the Safe system, according to the BYBIT audit about the hack. They had compromised a computer belonging to a Safe developer, said a person with knowledge of the subject, allowing them to plant malicious code to manipulate transactions.
A link sent by Safe invited Zhou to approve the transfer. It was a trap. When he signed, hackers took control of the account and stole $ 1.5 billion in cryptocurrencies.
The sudden exits appeared in Blockchain, a public-league book of cryptocurrency transactions. Cryptocurrency analysts quickly identified the culprit as Lazarus Group, a hacker union supported by the North Korean government.
To limit damage, other cryptocurrency companies have offered to help. Gracy Chen, CEO of a rival Exchange, Bitget, lent 40,000 by BYBIT in Ether, or about $ 100 million, without requesting interest or even collateral.
After stealing bybit, North Korean hackers spread their funds stolen from a vast network of online cryptocurrency wallets, a money laundering strategy they had also employed after other thefts.
Zhou said he would like to have taken action earlier to reinforce Bybit’s defenses. “There are many regrets now,” he said. “I should have paid more attention in this area.”
Still, Bybit continued to operate after the hack, processing all withdrawals in 12 hours, said Zhou. Not long after the invasion, he announced in X that the company was moving about $ 3 billion in cryptocurrencies.
“This is a planned maneuver for your information,” he wrote. “We were not hacked this time.”
c.2025 The New York Times Company
