Dubai-based cryptocurrency exchange Bybit has reported a massive security breach, resulting in the theft of digital assets worth over $1.5 billion. The attack, believed to be the largest crypto heist to date, targeted the platform’s Ethereum cold wallet—an offline storage system used for securing cryptocurrencies and encryption keys.
Hackers primarily stole ether tokens, transferring them across multiple wallets before using various platforms to liquidate the assets. In the aftermath of the breach, Ethereum’s value dropped by 4%, reaching approximately $2,641.41 per coin. Concerned about potential insolvency, users rushed to withdraw their funds from the exchange.
Bybit CEO Ben Zhou assured users that affected customers would be reimbursed and confirmed that other cold wallets remained secure. He emphasized that the exchange remains financially stable despite the loss, stating that all client assets are fully backed. Additionally, Bybit has reported the incident to authorities and is working with on-chain analytics firms to track the stolen funds and limit their liquidation.
Blockchain analytics firm Elliptic has linked the attack to the Lazarus Group, a North Korean state-sponsored hacking collective known for large-scale cyber thefts. The group has previously exploited security vulnerabilities in multiple crypto exchanges, using stolen assets to fund North Korea’s regime.
