On February 21, 2025, the cryptocurrency world was shaken by one of the biggest hacks in digital asset history. The Bybit exchange platform suffered an attack that resulted in the loss of 403,996 ETH, along with other cryptocurrencies, totaling an estimated $1.48 billion.
How the Attack Happened
The attack was executed through a sophisticated smart contract technique that allowed the attackers to redirect funds to an unidentified address. Although Bybit followed recommended security practices, such as holding funds in multisig cold wallets, the attackers manipulated the signing interface used by company employees, so that the signers inadvertently approved malicious transactions.
The investigation revealed that the attack was carried out through a "Musked UI", a fraudulent interface that showed signers a legitimate-looking transaction while tricking them into authorizing the malicious one.
Market Impact
The hack triggered a wave of mass withdrawals and extreme volatility in the cryptocurrency market. By February 24, 2025, Bybit had experienced the following net withdrawals:
- Bitcoin (BTC): 21,248 BTC withdrawn (from 70,604 BTC to 49,356 BTC).
- Tether (USDT): $1.76B USDT withdrawn (from 3.25B to 1.50B USDT).
- USDE: Withdrawals of $217.47M (from 578.37M to 360.90M USDE).
In total, $4.3B left the platform, causing a drastic drop in its reserves, from $10.8B to $6.5B in just a few days.
At a market level, the consequences were devastating:
- Bitcoin fell by 13.6% monthly.
- Ethereum suffered a 22.9% loss.
- Solana and Meme Coins dropped by 40% and 36.9%, respectively.
Bitcoin’s price retreated to the low-liquidity zone between $70K and $88K, making it vulnerable to further declines if buying demand is insufficient.
North Korea’s Involvement
Various blockchain analysis firms, such as Elliptic, identified patterns characteristic of the Lazarus Group, a hacker organization linked to the North Korean government. It is estimated that 22% of the stolen funds ($270M) have already been laundered through decentralized platforms, making recovery difficult.
The hackers employed advanced techniques, including:
- User interface (UI) manipulation to deceive signers.
- Sophisticated malware that operates on Windows and macOS.
- Long-term social engineering to gain access to internal systems.
Bybit’s Response
Despite the attack, Bybit demonstrated exemplary crisis management:
- Immediate transparency: CEO Ben Zhou conducted live streams providing real-time updates on the situation.
- Reserve audit: Security firm Hacken confirmed a 100% collateral ratio, assuring users that withdrawals remained open.
- Fund replenishment: Bybit replenished 447,000 ETH through funding from Galaxy Digital, FalconX, and Wintermute.
- Hacker tracking: A public website was launched to track 6,338 hacker addresses, and a 5% bounty was offered for information leading to fund recovery.
So far, Bybit has managed to freeze $42.3 million, 3% of the stolen funds.
A Turning Point in Crypto Security
This hack marks a turning point in cryptocurrency exchange security. The vulnerability exposed in multisig cold wallets demonstrates that the weakest link remains the human factor.
The lessons learned highlight the need for:
- Internal network segmentation to reduce risks.
- Multi-factor authorization with physical validation of the transaction being signed, to prevent interface manipulation.
- Anomaly detection for transactions presented in signing interfaces.
- Better collaboration between exchanges to combat state-sponsored threats.
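The attack described above worked because the signers approved what the interface showed rather than what was actually signed. The following script, an added example that is not Bybit's code or part of the original article, illustrates the "anomaly detection in signing interfaces" lesson: it compares the transaction the UI displays with the raw payload read independently from the wallet, decodes a plain ERC-20 transfer() call, and flags any mismatch or non-allowlisted destination. The Intent and Payload field names and the allowlist are constructed for the example; only the ERC-20 transfer selector is a real constant.

```python
from __future__ import annotations
from dataclasses import dataclass

ERC20_TRANSFER = "a9059cbb"  # first 4 bytes of keccak256("transfer(address,uint256)")

@dataclass(frozen=True)
class Intent:  # what the signing UI displays to the human signer (constructed fields)
    to: str                    # destination shown on screen
    amount: int                # wei for ETH, base units for a token
    token: str | None = None   # token contract address, or None for native ETH
@dataclass(frozen=True)
class Payload:  # what the device will actually sign, read from the wallet, not the UI
    to: str
    value: int
    data: str                  # hex calldata; "0x" for a plain ETH transfer

def decode_erc20_transfer(data: str) -> tuple[str, int] | None:
    """Return (recipient, amount) if data is exactly an ERC-20 transfer() call."""
    h = data[2:] if data.startswith("0x") else data
    if len(h) != 8 + 64 + 64 or h[:8] != ERC20_TRANSFER:
        return None
    recipient = "0x" + h[8 + 24:8 + 64]   # address occupies the low 20 bytes of the word
    return recipient, int(h[8 + 64:], 16)

def check_signing_request(intent: Intent, payload: Payload, allowlist: set[str]) -> list[str]:
    """Compare what the UI shows with what will be signed; an empty list means consistent."""
    findings: list[str] = []
    same = lambda a, b: a.lower() == b.lower()
    final_dest = payload.to    # where funds ultimately go; refined below for token calls
    if intent.token is None:
        # Plain ETH transfer: destination and value must match and calldata must be empty.
        if not same(payload.to, intent.to):
            findings.append(f"destination mismatch: UI {intent.to}, payload {payload.to}")
        if payload.value != intent.amount:
            findings.append(f"value mismatch: UI {intent.amount}, payload {payload.value}")
        if payload.data not in ("", "0x"):
            findings.append("unexpected calldata on a plain ETH transfer")
    else:
        # Token transfer: the call must target the shown token contract with transfer(to, amount).
        if not same(payload.to, intent.token):
            findings.append(f"contract mismatch: UI {intent.token}, payload {payload.to}")
        decoded = decode_erc20_transfer(payload.data)
        if decoded is None:
            findings.append("calldata is not a plain ERC-20 transfer() call")
        else:
            final_dest, amount = decoded
            if not same(final_dest, intent.to) or amount != intent.amount:
                findings.append(f"transfer args mismatch: UI ({intent.to}, {intent.amount}), payload ({final_dest}, {amount})")
    if not any(same(final_dest, a) for a in allowlist):
        findings.append(f"final destination {final_dest} is not an allowlisted wallet")
    return findings
```

A non-empty result should block the signature and be reviewed out of band, since a compromised interface will by definition display a clean transaction.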
The Bybit hack not only impacted the market but also raised alarms about the increasing sophistication of state-backed cyberattacks in the crypto world. What happens in the coming months could shape the future of digital asset security.