Incident Details
On February 21, 2025, Dubai-based crypto exchange Bybit fell victim to a hacking attack that resulted in the theft of approximately $1.5 billion (¥220 billion) worth of cryptocurrency. The stolen assets were predominantly Ethereum (ETH), with hackers successfully breaching one of Bybit’s offline Ethereum wallets. This represents an unprecedented scale of financial loss, surpassing previous record-breaking hacks such as the Mt. Gox incident in 2014 ($470 million) and the Poly Network breach in 2021 ($611 million). Bybit reported that around 70% of the Ethereum holdings on the platform were compromised, triggering a massive $4 billion in user withdrawals as panic spread among investors.
FBI’s Statement and Evidence
On February 26, the Federal Bureau of Investigation (FBI) officially confirmed that North Korea was responsible for the attack. The FBI identified the attack as part of a broader campaign known as “TraderTraitor”, a long-standing cyber theft operation attributed to North Korean state-sponsored hacking groups. Investigations revealed that the stolen assets were quickly converted into Bitcoin and other cryptocurrencies and distributed across thousands of digital wallets, a tactic consistent with past North Korean cybercriminal activity. The FBI also found that some of the addresses used in this incident overlapped with previously identified North Korean-linked wallets, providing critical evidence that led to the conclusion of state involvement. U.S. officials have reiterated concerns that North Korea uses stolen digital assets to finance its nuclear and missile programs.
Comparison with Previous Attacks
This incident surpasses all previous cryptocurrency hacks in terms of scale. The 2014 Mt. Gox hack led to $470 million in losses, while the 2022 Ronin Network hack resulted in $625 million stolen from an Axie Infinity-related blockchain system. Both attacks significantly impacted the crypto industry, with regulators and security firms calling for stricter security measures. North Korean hackers have been behind several major incidents, with an estimated $3 billion stolen since 2017, making the country one of the most aggressive players in cybercrime targeting the crypto space.
Impact on the Cryptocurrency Market
This massive hack sent shockwaves through the crypto market. In the immediate aftermath, Bybit saw unprecedented withdrawal volumes exceeding $4 billion as users rushed to secure their funds. Market-wide concerns over security led to increased sell-offs, causing Bitcoin (BTC) to drop nearly 20% within days, wiping billions off the total crypto market capitalization.
Bybit quickly reassured its users, stating that customer funds remained fully backed and that all losses would be covered by the company, which helped stabilize the situation. Nonetheless, the event exposed deep-seated vulnerabilities within centralized exchanges and renewed discussions on the importance of decentralized security models.
Expert Opinions and Future Countermeasures
Security experts analyzing the attack emphasized that this was a sophisticated operation that targeted human vulnerabilities rather than relying on technical exploits. Analysts urged exchanges to implement stronger internal security protocols, including multi-signature authentication and stricter withdrawal limits, to prevent similar breaches in the future.
In response to the attack, Bybit announced new blacklist APIs for stolen asset tracking and introduced a bounty program offering up to 10% of the stolen funds for information leading to asset recovery. International law enforcement agencies have launched a coordinated effort to trace and freeze the stolen assets, though the majority remains unaccounted for. Given the nature of blockchain transactions, reversing the transfer of stolen funds is technically and legally complex, making preventative security measures more crucial than ever.
Industry experts argue that the attack underscores the urgent need for comprehensive cybersecurity frameworks, including independent audits, enhanced emergency response plans, and improved intelligence-sharing across exchanges. Many believe that regulatory bodies will now increase pressure on exchanges to strengthen security measures, ensuring that another record-breaking hack does not occur.