Bybit Hack 2025: Before & After — A Data-Driven Analysis

On February 23, 2025, Bybit, one of the world’s largest cryptocurrency exchanges, suffered a catastrophic security breach that saw hackers drain 401,346 ETH (worth about $1.068 billion) and some other ETH-variants (worth about $279 million) from its cold wallet.

This wasn’t just another cyberattack; it was a masterclass in deception. The hacker didn’t brute-force their way in. Instead, they manipulated Bybit’s multi-signature security process, tricking key signers into unknowingly approving a backdoor that let them take full control of the exchange’s Ethereum reserves. 

Within hours, billions vanished into an unknown wallet, leaving Bybit scrambling to process an unprecedented wave of withdrawal requests.

How did this happen? Who is behind the attack? And what does this mean for the future of crypto security? This data-driven breakdown reveals every key detail, including hidden vulnerabilities that made it all possible.

Key Statistics

• The total ETH stolen in the attack amounted to 401,346 ETH, valued at approximately $1.068 billion.
• The ETH-variants stolen included 8,000 mETH, 90,375 stETH, and 15,000 cmETH, valued at approximately $279 million.
• Bybit's total assets dropped from $16.9 billion to $11.2 billion following the breach.
• A test transaction of 90 USDT was withdrawn before the full-scale hack took place.
• Bybit processed an all-time high withdrawal request of over 580,000 in response to the crisis.
• 99.90% of all withdrawal requests were completed within the first 10 hours of the incident.
• Bybit introduced new security measures, including custom software for signature verification and manual transaction checks via Etherscan.
• The breach was followed by the Infini Earn hack, which resulted in an additional $49.5 million in stolen funds.
• Bybit processed about 50% of the exchange’s deposits within 24 hours during a crisis.

Impact of the Bybit Hack on BTC and Other Altcoins

Big exchange hacks always shake up the market. Mt. Gox in 2014 led to a major crash, WazirX caused short-term dips, and now Bybit’s $1.4 billion hack has investors questioning just how secure even the biggest platforms are.

BTC

As of this writing, Bitcoin (BTC) has dropped 5.40% from its high on February 21, which coincides with the $1.347 billion Bybit hack—one of the largest security breaches in crypto history.

Altcoins

The cryptocurrency market is known to be highly volatile and reacts to the news with many altcoins reacting just as bad, or even worse, as Bitcoin has reacted even if Ethereum tried recovering but was smashed back down -6.74% on the hourly chart with others pulling back as hard as -15.11% (Solana).

With billions in stolen ETH on the move, the ripple effects are clear: traders rushing to offload assets, exchanges tightening security, and an overall atmosphere of uncertainty gripping the market. The question remains—how deep will this correction go, and how long before confidence is restored?

The Timeline of the Hack

The attack on Bybit’s multi-signature wallet unfolded in a carefully calculated sequence, exposing vulnerabilities even in seemingly secure cold wallet transfers.

It all began with what seemed like a routine operation. The CEO, the final signer, carefully reviewed the transaction within Safe Global’s UI, verifying the destination address and ensuring everything was checked out before signing off. 

However, within 30 minutes, an emergency alert confirmed something had gone catastrophically wrong.

Before the hack

Before the hack, the attacker carefully laid the groundwork by deploying a malicious contract designed to exploit Bybit’s multi-signature system. 

Three days before the breach, they created a contract that mimicked a legitimate one, disguising its true purpose. This contract contained a delegate-call function, allowing it to hijack the execution of Bybit’s multi-signature wallet without directly modifying its code, i.e., the hacker posed as legitimate.

The hacker ensured that when Bybit’s authorized signers approved the transfer, they unknowingly granted control over the wallet by disguising the malicious contract’s interaction as a routine transaction. 

Once executed, the contract redirected Bybit’s cold wallet authorization to the hacker, enabling them to drain the funds in a series of massive transactions.

During the hack

Digging into the transaction logs revealed the extent of the exploit. The hacker orchestrated a sweeping series of transactions that methodically drained assets from Bybit’s cold wallet. 

It started small with an initial test transaction that had just $90 stolen, likely to verify the vulnerability. What followed was staggering:

• 401,346 ETH—the largest single transfer, instantly raising alarms.
• 8,000 mETH—roughly $20 million siphoned away.
• 90,375 stETH—roughly $219 million, another devastating hit.
• 15,000 cmETH—roughly $39 million for the final extraction.

Asset Stolen	Transaction Hash Address	Amount Stolen (During Hack)
401,346.77 ETH	etherscan.io/tx/0xb61413c495fdad6114a7aa863a00b2e3c28945979a10885b12b30316ea9f072c	$1,068,224,563.03
8,000 mETH	etherscan.io/tx/0xbcf316f5835362b7f1586215173cc8b294f5499c60c029a3de6318bf25ca7b20	$20,611,440.00
90,375.55 stETH	etherscan.io/tx/0xa284a1bc4c7e0379c924c73fcea1067068635507254b03ebbbd3f4e222c1fae0	$219,337,839.75
15,000 cmETH	etherscan.io/tx/0x847b8403e8a4816a4de1e63db321705cdb6f998fb01ab58f653b863fda988647	$38,630,100.00

In total, the exploit amounted to an estimated $1.347 billion, making it one of the most significant crypto heists in history.

Blockchain sleuths traced the exploit to North Korean state-sponsored actors, the Lazarus Group, marking yet another instance of their shift from smart contract exploits to social engineering attacks. 

Bybit wasn’t the first victim, a similar method had previously been used in the WazirX exchange hack, the Radiant Capital breach, and now, Bybit.

Industry Reactions & Impact

What stood out during the crisis was the overwhelming support Bybit received from across the crypto ecosystem. Ben Zhou took to X to express his gratitude, stating:

"Bybit is overwhelmed by all the support that we got from partners and industry friends during last night’s critical time. Here I want to say thanks to all the friends and partners who offered or helped us in any way or form. I am truly grateful. We will need a lot more help down the road as well. Thank you!"

Zhou acknowledged that while the hack was a tragic event, it also highlighted the resilience of the crypto industry.

"Although it's a tragic event for Bybit, however, through this hard time, our industry showed strength as we unite together. We can only grow bigger from now on. As a team, we are ready to protect our industry together."

The collaborative response was evident, with major industry players such as Antalpha Global, Bitget, Pionex, MEXC, Solana, Ton Blockchain, Blockchain UAE, Ghaf Capital, Bitvavo, Tether, and Galaxy Digital stepping in to assist Bybit in freezing stolen funds and reinforcing security measures.

Several exchanges, including Bitget and Crypto.com, provided ETH liquidity to support Bybit during the crisis. Additionally, Tether’s CTO Paolo Ardoino confirmed that the company had frozen 181,000 USDT linked to the hack, preventing further laundering of stolen assets.

In a tweet to the Tether team and Paolo Ardoino, Zhou expressed his gratitude for their support. “Thanks, @Tether_to and @paoloardoino for the support,” he tweeted on Feb. 22, shortly after the breach. 

Paolo Ardoino, the CTO of Tether, had tweeted earlier about freezing 181k USDT linked to the Bybit hack. Despite the amount being relatively small, Ardoino highlighted that it was “honest work” and emphasized their ongoing monitoring of the situation. 

The Infini Earn Hack & DeFi Trends

The Bybit breach was not an isolated event. Just days after the incident, Infini Earn, a decentralized finance (DeFi) platform, faced its own attack. The Infini Earn hack saw $49.4 million siphoned off after a compromised private key was used to initiate transactions. The hacker quickly converted USDC to DAI and then acquired 17,696 ETH, funneling the stolen assets to a new wallet.

Infini Earn’s founder Christian Li took to X to address the exploit, admitting that the breach occurred due to a failure to properly transfer contract authority, a mistake that ultimately allowed the attacker to bypass security checks. 

"There is no problem with liquidity. Full compensation can be paid, and the funds are being traced,” Li assured users on X, acknowledging the rebuilding of trust would be difficult but necessary.

Bybit’s Ongoing Investigation

Indeed, several major industry players were quick to offer their assistance. Bitget’s CEO Gracy Chen revealed that Bitget was the first to extend a helping hand by offering ETH liquidity to Bybit during the crisis. 

Chen stated, “Bybit would have done the same for Bitget in a similar situation.” Furthermore, Crypto.com’s CEO Kris Marszalek reached out directly to Bybit, directing his cybersecurity team to provide aid.

As of Feb. 22, Bybit has been working tirelessly with forensic experts to track and recover the stolen funds. The company has communicated with various blockchain tracking firms to ensure any stolen funds making their way through the crypto ecosystem are identified and flagged. 

One key email, addressed to czx@bybit.com, shows Bybit reaching out to Xch's security team with an urgent request to block any deposits from compromised addresses associated with the attack.

Conclusion

Hacks have always been happening in crypto, but not at this scale. The Bybit hack stands to remind the world about the underlying risks in crypto. Despite security measures such as multi-signature security and cold wallet protections, coordinated and sophisticated attackers continue to exploit even the most heavily defended system. 

On the brighter side, the instant response from Bybit, major players in the crypto space, and security firms shows the crypto ecosystem's growing resilience. Still, it also raises pressing questions about how secure exchanges are.

If history is any indication, this hack will most definitely not be the last. However, what we've learned here could help prevent the next billion-dollar crypto heist.

Sources and Additional information

To read further and verify the details covered in this article, check out the sources we referenced:

Etherscan Transaction Records

• $90 Stolen Transaction
• 401,346 ETH Stolen Transaction 
• 8,000 mETH Stolen Transaction 
• 90,375 stETH Stolen Transaction 
• 15,000 cmETH Stolen Transaction

Official Statements & Social Media Updates

• Bybit CEO Ben Zhou’s response on X (formerly Twitter)
• Tether CTO Paolo Ardoino’s announcement on X regarding USDT freezing
• Infini Earn’s founder Christian Li’s official statement on the security breach

Additional Sources

• How to Secure Your Digital Assets—Bitcoin.com
• Charts on BTC and ETH
• ZachXBT North Korea Lazarus Group Investigation
• Radiant Capital Hack Report
• WazirX Hack Report