Bybit’s $1.5 Billion Hack: The Largest in Internet History

It’s never a boring day in crypto—Bybit, one of the world’s largest crypto exchanges for spot and derivatives trading, was hacked this past Friday (2/21/2025) for over $1.5 billion (~400,000 ETH), making it the largest hack not only in crypto history but in the history of the internet. 

‍

Inside Bybit’s $1.5 Billion Hack: What We Know So Far

The exploit occurred when a hacker manipulated a wallet signature, tricking Bybit’s system into approving a transaction that altered the smart contract logic of its ETH cold wallet. The attack was disguised (or “musked”) to appear legitimate, showing the correct address and a trusted URL to Bybit’s team. However, in reality, they were unknowingly signing over full control of the cold wallet, allowing the hacker to drain all ETH to an unknown address. As expected, the market reacted with a sell-off, but Bybit has assured users that all other cold wallets remain secure and withdrawals are operating as usual. Despite the scale of the attack, Figure 1 shows that the stolen funds represent only 7.50% of Bybit’s $20 billion in assets under management. With deep liquidity and diversified holdings across Bitcoin, stablecoins, and other assets, Bybit remains fully solvent and has already addressed the breach, ensuring continued operations without disruption to user funds.

Figure 1: Bybit AUM Prior to Hack

Source: 21Shares, Arkham Intelligence

Thanks to the transparency of blockchain technology, where every transaction can be traced, blockchain security experts quickly identified The Lazarus Group, a North Korean state-backed hacking organization, as the perpetrators behind the Bybit exploit. The group has a long history of executing some of the largest cyber heists in the digital asset space, allegedly using stolen funds to support North Korea’s weapons programs. Lazarus has been linked to several high-profile crypto breaches, including the $625 million Ronin Bridge hack (2022). Their operations extend beyond crypto, with their fingerprints on major cyberattacks like the 2014 Sony Pictures hack and the 2016 Bangladesh Bank heist, where they attempted to steal nearly $1 billion via the SWIFT banking system.

Figure 2: Lazarus Group Hacking Activity

Source: 21Shares, Chainalysis

Bybit has already tracked and recovered approximately $50 million in stolen crypto, monitoring fund movements in real-time. The exchange is working closely with centralized platforms and stablecoin providers to identify, block, and freeze wallets associated with the hackers, significantly restricting their ability to launder the stolen assets. This rapid response highlights how blockchain’s inherent transparency can be a powerful tool in combating cybercrime.

As seen in Figure 3, Crypto exchange hacks are not new, and history has shown that the scale of these breaches can have lasting impacts. In 2014, Mt. Gox, which at the time handled over 70% of global Bitcoin transactions, suffered one of the most infamous hacks, losing 850,000 BTC. While worth approximately $450 million then, at today’s price of $96,000 per Bitcoin, that loss would be valued at over $81 billion. Similarly, Bitfinex experienced a major breach in 2016, losing 119,756 BTC - an amount that was valued at $72 million at the time which would be worth over $11.5 billion today. These incidents highlight the significant risks of holding assets on centralized exchanges, as security vulnerabilities, insider threats, and external attacks have repeatedly led to catastrophic losses for users. Despite advancements in security practices, these risks persist, making it increasingly clear why institutional investors are turning to regulated investment vehicles like ETPs to gain exposure to digital assets

Figure 3: Largest Crypto Hacks

Source: 21Shares, Investopedia

‍

ETPs: The Secure, Regulated Path to Crypto Exposure

Exchange hacks like this serve as a stark reminder of the security risks associated with self-custody and holding assets on centralized platforms. For investors, ETPs offer a regulated, institutional-grade alternative that eliminates direct exposure to exchange vulnerabilities.Unlike assets held on an exchange, the underlying crypto in ETPs are securely custodied by licensed third-party custodians, reducing the risks associated with exchange vulnerabilities and hacking. To further enhance security, we often use multiple custodians for each ETP, diversifying counterparty risk and ensuring that no single point of failure jeopardizes investor assets. 

Additionally, ETPs provide seamless access to crypto markets without the need to manage private keys or navigate complex security protocols. In times of uncertainty, institutional investors can find reassurance in the transparency, oversight, and security standards that ETPs uphold—ensuring exposure to the upside of digital assets without the operational risks of direct ownership.

‍

A Key Macro Signal Just Turned Bullish for Bitcoin - ISM PMI

Despite recent negative headlines, such as the Bybit hack, Bitcoin has remained resilient, holding above $90,000 for more than three months now. Beyond security risks, macroeconomic conditions also play a critical role in shaping Bitcoin’s price trends. One key macro indicator, the U.S. ISM Purchasing Managers Index (PMI), has recently flipped bullish, signaling potential upside for Bitcoin. The ISM PMI is a widely watched economic gauge that tracks manufacturing activity in the U.S. economy, with readings above 50 indicating economic expansion and below 50 signaling contraction.

Figure 4: Largest Crypto Hacks

Source: 21Shares, Bloomberg

Historically, when the ISM PMI remains above 50 for prolonged periods, Bitcoin has shown a tendency to rally. This relationship, while not perfectly linear, reflects how liquidity conditions and economic sentiment can influence capital flows into risk assets like Bitcoin. With the latest ISM data confirming sustained economic expansion, investors may view this as a supportive backdrop for Bitcoin’s next leg higher.

‍

Conclusion

The future remains bright for crypto, and the investment case for gaining exposure through the ETP wrapper is stronger than ever. While the Bybit hack underscores the risks of direct ownership, it also reinforces the value of secure, regulated investment vehicles. At the same time, the industry saw major regulatory wins this week, with the SEC dropping its case against Coinbase—effectively conceding that the crypto assets traded on the exchange are not securities. This shift weakens the foundation for future enforcement actions against crypto firms and strengthens the case for clearer, more favorable regulation. Additionally, the SEC’s decision to abandon its appeal to classify certain DeFi platforms as broker-dealers marks a retreat from its aggressive stance on decentralized finance, reducing uncertainty and paving the way for greater institutional participation. With regulatory headwinds easing and blockchain innovation accelerating, the long-term trajectory for digital assets remains firmly upward—and investors have never had a better way to participate in that growth through the security, transparency, and accessibility of ETPs.