Breachroad
Data breaches

The Bybit heist: $1.5bn and a cold-wallet lesson

In February 2025, $1.5bn in crypto vanished from Bybit. We break down the Lazarus attack and what failed despite a cold wallet.

Karol Rapacz
24 February 2025 · 10 min read

On 21 February 2025, roughly $1.5 billion worth of Ethereum vanished from the Bybit crypto exchange in a single transaction. It is the largest crypto theft on record, more than double the previous record, and by some accounts the largest single theft of any kind. Behind the attack stood the North Korean group Lazarus, and how the breach was carried out is a lesson for any company that believes “we secured it in hardware, so we’re safe”. Because Bybit had a cold multisig wallet, and it wasn’t enough.

How $1.5 billion was drained

Bybit kept the funds in a multi-signature cold wallet, in line with industry best practice. Moving them required approval from several signers, each using a hardware signing device, and the wallet was managed through a popular, respected piece of software (Safe{Wallet}). In theory, exemplary architecture. In practice, the attackers didn’t break the cryptography; they deceived the people doing the signing.

The chain went like this. Lazarus first compromised a developer machine at the wallet interface provider and used that access to plant malicious JavaScript in the web application served to users, tailored so that it only activated for Bybit’s wallet. When Bybit’s signers opened a routine transfer from the cold wallet to a warm wallet, the interface showed them the correct, expected data: the right address, the right amount. Meanwhile the payload they approved with their hardware devices had been swapped for a different transaction: instead of a normal call to the token contract, it was a delegatecall into an attacker-controlled contract, which ran with the wallet’s own storage and overwrote the pointer to the wallet’s implementation contract. From that moment the attackers’ code, not Safe’s, decided who could move the funds. The signers saw one thing and signed another, and their signing devices, which showed only a hash rather than the decoded fields, could not tell them the difference. It’s an attack on the integrity of what a human sees, a class of problem that hardware alone doesn’t protect against.

Once they had control, the funds were rapidly laundered through a large web of wallets, cross-chain bridges and mixers. Despite an unprecedented, coordinated industry effort, only a fraction was recovered.

Why the cold wallet wasn’t enough

This is the key takeaway. A “cold” wallet protects private keys from being stolen over the network, and it did that job: the keys didn’t leak. But transaction security isn’t just key protection; it’s also certainty that you’re signing what you think you’re signing. A hardware signer proves possession of a key; it says nothing about whether the bytes it is asked to sign mean what the screen claims, and if it displays only a hash the signer is signing blind. The Bybit attack bypassed the strong layer (key storage) and hit the weaker, less-audited one (the interface and the approval process). It’s a pattern that recurs endlessly in security: the attacker doesn’t target the strongest link but the weakest, and then goes around the rest.

What Bybit teaches companies outside crypto

You might think “we don’t trade crypto, this doesn’t apply to us”. Wrong — the mechanisms are universal:

An attack through a trusted interface. This is the same class as invoice fraud (BEC): a person makes a sound decision based on data they trusted, which had been manipulated. If you approve transfers based on what you see on screen, someone can attack that very screen.

Verification via an independent channel. For critical-value operations you cannot rely on a single source of truth. In crypto that means checking the raw transaction fields (destination, value, calldata, operation type) on a separate, trusted device, and refusing to sign anything that device cannot decode. In an ordinary company: the second-channel rule for every bank-account change and large transfer.

Software supply chain security. The entry point was a compromise of a provider’s component. It’s the same story as the npm worm or the Salesforce token theft: your security depends on the security of the tools you trust — see third-party risk management.

Separation of duties and limits. Even with multisig, it’s worth having independent, out-of-band verification of large transfers, hard limits and a “human outside the system” watching the whole. One manipulated interface should not be enough to move billions.
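The independent-channel check from the list above, applied to the kind of substituted payload described in the attack chain, as an added example that is not part of the original article and not Bybit’s or Safe’s code. It assumes the signer can obtain the raw SafeTx fields (to, value, data, operation, gas refund fields) from a source other than the web UI, for instance the signing device’s display or a decoder fed the exact bytes the device is asked to sign, and it encodes a policy for a routine ERC-20 transfer. The only real-world constant is the 4-byte selector of transfer(address,uint256); every address and amount is constructed, and the class and function names are this example’s own.

```python
"""Independent-channel check of a Safe transaction before a signer approves it.

Added example for this article, not Bybit's or Safe's code. A signer (or a
separate verifier device) takes the raw SafeTx fields from a source other than
the web UI, decodes the calldata and enforces a policy for a routine ERC-20
transfer. All addresses and amounts below are constructed.
"""
from dataclasses import dataclass

TRANSFER_SELECTOR = "a9059cbb"      # well-known selector of ERC-20 transfer(address,uint256)
CALL, DELEGATECALL = 0, 1           # values of the Safe 'operation' field
ZERO_ADDRESS = "0x" + "00" * 20


@dataclass
class SafeTx:
    """The fields a Safe owner actually signs (the EIP-712 SafeTx struct)."""
    to: str              # contract the Safe will call
    value: int           # wei sent with the call
    data: str            # hex calldata
    operation: int       # 0 = CALL, 1 = DELEGATECALL
    gas_price: int = 0   # non-zero makes the Safe pay a gas refund from its own balance
    gas_token: str = ZERO_ADDRESS
    refund_receiver: str = ZERO_ADDRESS


@dataclass
class IntendedTransfer:
    """What the signer believes they are approving, taken from the payment order."""
    token: str
    recipient: str
    amount: int


def encode_transfer(recipient: str, amount: int) -> str:
    """ABI-encode transfer(address,uint256): selector followed by two 32-byte words."""
    addr = recipient.lower().removeprefix("0x")
    return "0x" + TRANSFER_SELECTOR + addr.rjust(64, "0") + format(amount, "064x")


def decode_erc20_transfer(data: str):
    """Return (recipient, amount) if data is exactly transfer(address,uint256), else None."""
    h = data.lower().removeprefix("0x")
    if len(h) != 8 + 64 + 64 or h[:8] != TRANSFER_SELECTOR:
        return None
    recipient_word, amount_word = h[8:72], h[72:136]
    if recipient_word[:24] != "0" * 24:   # the address occupies the low 20 bytes of the word
        return None
    return "0x" + recipient_word[24:], int(amount_word, 16)


def check_before_signing(tx: SafeTx, intended: IntendedTransfer) -> list:
    """Return the list of policy violations; an empty list means 'safe to sign'."""
    findings = []
    if tx.operation != CALL:
        findings.append("operation=DELEGATECALL: callee code runs with the Safe's own storage "
                        "and can overwrite its implementation pointer (storage slot 0)")
    if tx.to.lower() != intended.token.lower():
        findings.append(f"to={tx.to} is not the expected token contract {intended.token}")
    if tx.value != 0:
        findings.append(f"value={tx.value} wei, but an ERC-20 transfer sends no ETH")
    decoded = decode_erc20_transfer(tx.data)
    if decoded is None:
        findings.append("calldata is not a plain transfer(address,uint256)")
    else:
        recipient, amount = decoded
        if recipient.lower() != intended.recipient.lower():
            findings.append(f"recipient {recipient} differs from intended {intended.recipient}")
        if amount != intended.amount:
            findings.append(f"amount {amount} differs from intended {intended.amount}")
    if tx.gas_price != 0 or tx.gas_token != ZERO_ADDRESS or tx.refund_receiver != ZERO_ADDRESS:
        findings.append("gas refund fields are set: the Safe would pay out to an arbitrary refund receiver")
    return findings


# Constructed sample: the payment order the signers were shown on screen.
TOKEN = "0x" + "11" * 20
RECIPIENT = "0x" + "22" * 20
INTENDED = IntendedTransfer(token=TOKEN, recipient=RECIPIENT, amount=10 * 10**18)

# What an honest flow asks the device to sign.
BENIGN_TX = SafeTx(to=TOKEN, value=0, data=encode_transfer(RECIPIENT, 10 * 10**18), operation=CALL)

# Bybit-style substitution (constructed addresses): the calldata still looks like a
# transfer(address,0), but it is delegatecalled into an attacker contract, so that
# contract's 'transfer' runs inside the Safe's storage and can rewrite slot 0.
ATTACKER_CONTRACT = "0x" + "aa" * 20
ATTACKER_IMPL = "0x" + "bb" * 20
MALICIOUS_TX = SafeTx(to=ATTACKER_CONTRACT, value=0,
                      data=encode_transfer(ATTACKER_IMPL, 0), operation=DELEGATECALL)

if __name__ == "__main__":
    for name, tx in (("benign", BENIGN_TX), ("substituted", MALICIOUS_TX)):
        findings = check_before_signing(tx, INTENDED)
        print(f"{name}: {'OK to sign' if not findings else 'REFUSE'}")
        for f in findings:
            print("  -", f)
```

Run as a script it prints “OK to sign” for the honest transaction and “REFUSE” with four findings for the substituted one. Note that the substituted calldata decodes as a perfectly well-formed transfer(address, 0); only the operation and destination fields reveal that it will run inside the wallet’s storage rather than the token contract’s, which is why a check that looks at the decoded transfer alone, or at the web page, is not enough. The gas refund check covers an older Safe pitfall of the same family: a non-zero gasPrice with a chosen refundReceiver makes the wallet pay out of its own balance without any transfer appearing in the calldata.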

Frequently asked questions (FAQ)

Did Bybit’s private keys leak? No — and that’s the crux. The cryptography and key storage worked. It was the process and interface layer that failed: the signers approved a transaction whose true content they couldn’t see. It’s an attack on the human and the tool, not the key.

How much of the funds was recovered? Despite unprecedented cooperation between exchanges, analytics firms and law enforcement, only a small fraction was recovered. The funds were laundered through a web of wallets and mixers faster than they could be frozen — which shows that with such attacks prevention is everything and recovery marginal.

What does this mean for an ordinary company? That the costliest losses rarely come from breaking cryptography — more often from manipulating what a human sees and approves. The same logic underlies transfer fraud at ordinary companies. The defence is second-channel verification and separation of duties, not another hardware gadget.

Was this a state-sponsored attack? Industry analyses attributed the attack to the North Korea-linked Lazarus group — the regime has financed itself through large-scale crypto theft for years. It shows the adversary can be a well-funded, patient organisation, not a lone hacker.

How do we test our own resilience to such a scenario? A social engineering test and a review of your approval processes reveal where your company relies on “what’s on the screen” without independent verification. Those are exactly the gaps exploited at Bybit. Book a consultation if you move large transfers.

Summary

The Bybit heist is the most expensive lesson in history that security is a whole chain — from the key, through the interface, to the human who signs. The strongest control (cold multisig) didn’t help, because the attack went around it and hit the approval process. For any company the moral is the same: protect not only data and keys but the integrity of decisions — and verify every critical-value operation through an independent channel.


Sources and further reading: Chainalysis and TRM Labs analyses.
