The cryptocurrency industry has been rocked by what is now considered the largest digital asset theft in history, as Bybit, a leading crypto exchange, confirmed on Friday that hackers stole approximately $1.4 billion worth of Ethereum (ETH) from one of its offline wallets.
The breach, which was described as a “sophisticated attack”, has sent ripples throughout the digital currency world, raising fresh concerns over the security of even the most well-established crypto exchanges.
How the Hack Happened
Bybit’s CEO and co-founder, Ben Zhou, revealed in a livestream announcement that hackers managed to drain 401,346 ETH from one of the company’s cold wallets. Cold wallets, which are designed to store cryptocurrency offline and away from internet exposure, are considered the most secure way to hold digital assets. However, this attack has exposed a new level of vulnerability in the security infrastructure of crypto exchanges.
Register for Tekedia Mini-MBA edition 17 (June 9 – Sept 6, 2025) today for early bird discounts. Do annual for access to Blucera.com.
Tekedia AI in Business Masterclass opens registrations.
Join Tekedia Capital Syndicate and co-invest in great global startups.
Register to become a better CEO or Director with Tekedia CEO & Director Program.
Providing more details in a post on X, Bybit explained that the hackers exploited a flaw in the company’s multi-signature (multisig) cold wallet system, using a method that manipulated transaction verification processes.
“The incident occurred when our ETH multisig cold wallet executed a transfer to our warm wallet. Unfortunately, this transaction was manipulated through a sophisticated attack that masked the signing interface, displaying the correct address while altering the underlying smart contract logic,” Bybit said in a statement.
This deceptive method allowed the attacker to gain control of the cold wallet and transfer its entire holdings to an unidentified external address.
The revelation that a cold wallet—which is supposed to be immune to internet-based hacking attempts—was compromised in such a manner has raised serious questions about the security protocols of cryptocurrency platforms and whether even offline storage solutions can be trusted.
Bybit has assured its users that it is working with top cybersecurity firms, blockchain forensic experts, and law enforcement agencies to trace the stolen funds and identify the perpetrators.
“Our security team, alongside leading blockchain forensic experts and partners, is actively investigating the incident. Any teams with expertise in blockchain analytics and fund recovery who can assist in tracing these assets are welcome to collaborate with us,” the company stated.
The Biggest Crypto Heist Ever
The scale of this breach has shattered previous records for crypto-related hacks. According to Rekt, a platform that tracks security breaches in the Web3 and digital asset space, this heist surpasses major past crypto thefts, including the $624 million Ronin Network hack (March 2022), and the $611 million Poly Network exploit (August 2021).
Tom Robinson, co-founder and chief scientist at blockchain analytics firm Elliptic, described the heist as unprecedented.
“In fact, it may even be the largest single theft of all time,” he noted, comparing the scale of the breach to physical financial crimes, not just digital hacks.
To put the scale of this attack in context, before the Bybit hack, the largest bank heist in history was the looting of approximately $1 billion from the Central Bank of Iraq in 2003, as reported by the financial news site World Finance.
Crypto Industry Faces Rising Security Threats
The Bybit incident adds to the growing tally of high-profile crypto hacks in recent years, underscoring the increasing risks in the digital asset space. According to a report by blockchain analytics firm Chainalysis, hackers stole an estimated $2.2 billion in crypto throughout 2024, a significant increase from $2 billion recorded in 2023.
One of the most alarming findings from Chainalysis’ research is that North Korea-linked hacking groups were responsible for $1.34 billion in crypto theft across 47 incidents in 2024—a 102.88% increase from 2023 when they stole $660.5 million across 20 incidents.
Bybit, which is headquartered in Dubai, United Arab Emirates, remains one of the top cryptocurrency exchanges in the world, with an estimated $16 billion in total assets as of last week, according to CoinMarketCap.
Despite the magnitude of the attack, the company has reassured users that its other cold wallets remain secure and that all client funds are safe. The exchange continues to operate without disruption, maintaining trading, withdrawals, and other services.
“We want to assure our users and partners that all other Bybit cold wallets remain fully secure. Our security infrastructure is being reviewed to prevent future incidents, and our operations will continue as usual,” the company said.
Implications for the Crypto Market
The Bybit hack is likely to reignite debates on crypto security, regulation, and investor protection. Despite major advancements in blockchain security, smart contracts, and cold storage solutions, this latest incident has exposed serious vulnerabilities.
Some experts are advocating more robust regulation and third-party oversight of crypto exchanges to help prevent such breaches in the future. Others believe that the industry needs to invest in more advanced security protocols, including real-time monitoring systems that can detect suspicious activity before funds are transferred.