In a groundbreaking cybersecurity incident, cryptocurrency exchange Bybit reported a sophisticated attack resulting in the theft of over $1.5 billion worth of cryptocurrency from its Ethereum cold wallet. The breach, which occurred on February 21, 2025, represents the largest single cryptocurrency heist to date.

The attack took place during a routine transfer between Bybit’s ETH multisig cold wallet and warm wallet. Attackers manipulated the smart contract logic while masking the signing interface, successfully transferring approximately 400,000 ETH and stETH to an unidentified address.

Security firms Elliptic, Arkham Intelligence, and TRM Labs have attributed the attack to the notorious North Korean Lazarus Group, known for orchestrating numerous cryptocurrency heists. The group has already stolen an estimated $1.34 billion across 47 cryptocurrency hacks in 2024 alone.

The incident surpasses previous major crypto heists, including:
– Ronin Network ($624 million)
– Poly Network ($611 million)
– BNB Bridge ($586 million)

Bybit’s CEO Ben Zhou confirmed that all other cold wallets remain secure, and the company has reported the incident to authorities. The attack demonstrates a new level of sophistication in crypto theft, particularly in manipulating user interfaces and institutional multisig setups through the Gnosis Safe Protocol.

The stolen funds were quickly laundered through a complex process, involving:
– Converting stolen tokens to Ether
– Distributing funds across 50 different wallets
– Routing through crypto exchanges to convert assets to bitcoin

This incident highlights the growing sophistication of cryptocurrency attacks and the vulnerability of even secure storage solutions to advanced social engineering techniques.