
Crime Hackers steal $1.5 billion from exchange Bybit in biggest-ever crypto heist

LeonardoBjj

MacKenzie Sigalos @KENZIESIGALOS

  • Bybit, a major cryptocurrency exchange, has been hit by the largest crypto heist in history.
  • Hackers drained approximately $1.5 billion in digital assets, far surpassing previous thefts in the sector, according to blockchain analytics firm Elliptic.
  • The attack compromised Bybit’s cold wallet, an offline storage system designed for security.

Bybit, a major cryptocurrency exchange, has been hacked to the tune of $1.5 billion in digital assets, in what’s estimated to be the largest crypto heist in history.

The attack compromised Bybit’s cold wallet, an offline storage system designed for security. The stolen funds, primarily in ether, were quickly transferred across multiple wallets and liquidated through various platforms.

“Please rest assured that all other cold wallets are secure,” Ben Zhou, CEO of Bybit, posted on X. “All withdrawals are NORMAL.”

Blockchain analysis firms, including Elliptic and Arkham Intelligence, traced the stolen crypto as it was moved to various accounts and swiftly offloaded. The hack far surpasses previous thefts in the sector, according to Elliptic. That includes the $611 million stolen from Poly Network in 2021 and the $570 million drained from Binance in 2022.


Analysts at Elliptic later linked the attack to North Korea’s Lazarus Group, a state-sponsored hacking collective notorious for siphoning billions of dollars from the cryptocurrency industry. The group is known for exploiting security vulnerabilities to finance North Korea’s regime, often using sophisticated laundering methods to obscure the flow of funds.

“We’ve labelled the thief’s addresses in our software, to help to prevent these funds from being cashed-out through any other exchanges,” said Tom Robinson, chief scientist at Elliptic, in an email.

The breach immediately triggered a rush of withdrawals from Bybit as users feared potential insolvency. Zhou said outflows had stabilized. To reassure customers, he announced that Bybit had secured a bridge loan from undisclosed partners to cover any unrecoverable losses and maintain operations.


The Lazarus Group’s history of targeting crypto platforms dates back to 2017, when the group infiltrated four South Korean exchanges and stole $200 million worth of bitcoin. As law enforcement agencies and crypto tracking firms work to trace the stolen assets, industry experts warn that large-scale thefts remain a fundamental risk.

“The more difficult we make it to benefit from crimes such as this, the less frequently they will take place,” Elliptic’s Robinson wrote in a post.

https://www.cnbc.com/2025/02/21/hac...from-exchange-bybit-biggest-crypto-heist.html

- And I don't know how to mirror my cellphone on my TV! :oops:
 
So will they be able to use it/wash it?

Pretty cool. I just can't help to think you must be like elite of the elites when it comes to hacking if you're gonna pull shit like this off and low-level hacking already seems difficult enough.
 
LOL at crypto trash
 
So will they be able to use it/wash it?

Pretty cool. I just can't help to think you must be like elite of the elites when it comes to hacking if you're gonna pull shit like this off and low-level hacking already seems difficult enough.
- I don't know about that technology. @Rob Battisti can chime in?
 
So will they be able to use it/wash it?

Pretty cool. I just can't help to think you must be like elite of the elites when it comes to hacking if you're gonna pull shit like this off and low-level hacking already seems difficult enough.

Yeah, it can be washed pretty easily.
 
- Thank you, bro!

Maybe they stole for the thrill?
Apparently I’m an idiot

With the most recent Ethereum theft—assuming you’re referring to a significant incident reported around late February 2025—laundering the stolen funds is indeed possible, despite Ethereum’s traceability. Ethereum transactions are pseudo-anonymous: they’re recorded on a public blockchain, showing wallet addresses, amounts, and timestamps, but these addresses aren’t directly tied to real-world identities. However, criminals can use various methods to obscure the trail of funds, though law enforcement and blockchain analysts have tools to track them to varying degrees of success. Here’s how they might wash the stolen funds and why it’s not entirely untraceable:


Potential Laundering Methods


  1. Mixers (e.g., Tornado Cash)
    • How it works: A mixer pools cryptocurrency from multiple users, mixes it, and then sends it to new addresses, breaking the direct link between the original and final destinations. For example, stolen ETH could be deposited into a mixer from one address and withdrawn to a different, unrelated address.
    • Effectiveness: This can make tracing harder, especially if the mixer is decentralized and doesn’t keep logs. However, if large amounts (like tens or hundreds of millions in ETH) are involved, the sheer volume might stand out, and analysts can sometimes correlate deposit and withdrawal patterns, especially if the funds later hit regulated exchanges.
  2. Peer-to-Peer (P2P) or Over-the-Counter (OTC) Transactions
    • How it works: The thief could sell the stolen ETH directly to individuals or OTC brokers for cash or other cryptocurrencies, bypassing centralized exchanges that enforce Know Your Customer (KYC) rules.
    • Effectiveness: This avoids blockchain visibility after the initial transfer, but finding buyers for large sums without drawing attention is tricky. Posts on X suggest OTC trades as a laundering option for recent thefts, reflecting current sentiment among crypto observers.
  3. Decentralized Exchanges (DEXs)
    • How it works: Stolen ETH could be swapped for other tokens (e.g., stablecoins or privacy coins like Monero) on platforms like Uniswap or SushiSwap, which don’t typically require KYC. Small, staggered trades could further obscure the trail.
    • Effectiveness: This disperses funds across multiple assets and addresses, but the initial ETH transactions remain visible, and sophisticated analytics can sometimes link them through trading patterns or liquidity pool interactions.
  4. Wash Trading or Pump-and-Dump Schemes
    • How it works: The thief could use the stolen ETH to buy a low-market-cap token (possibly pre-purchased with clean funds on another account), artificially inflate its price, and then sell it for profit in a different cryptocurrency or via a clean address.
    • Effectiveness: This can legitimize some funds if successful, but it requires coordination and leaves a traceable footprint if the token’s trading volume spikes suspiciously—something blockchain forensics firms watch for.
  5. Cross-Chain Bridging
    • How it works: The ETH could be bridged to another blockchain (e.g., Solana, Binance Smart Chain) using protocols like Wormhole or deBridge, then laundered further on less-monitored networks.
    • Effectiveness: This adds complexity, as each blockchain has its own tracing challenges, but bridges often create choke points where funds can be tracked before and after crossing.
  6. Layering Through Multiple Wallets
    • How it works: The thief could split the funds across numerous wallets, sending them through a series of rapid, small transactions to confuse the trail before consolidating them elsewhere.
    • Effectiveness: This is time-consuming and costly (due to gas fees), and while it muddies the waters, clustering algorithms can sometimes group related addresses if patterns emerge.

Is It All Traceable?


Not entirely, but mostly yes—up to a point. Ethereum’s blockchain is transparent, meaning every transaction is public and permanent. Analysts can use tools like Etherscan, Chainalysis, or Crystal to follow the flow of funds from the theft address to subsequent destinations. Key factors that aid traceability include:


  • Exchange Deposits: Most thieves eventually want fiat currency, requiring them to use centralized exchanges with KYC/AML policies. Once funds hit these off-ramps, authorities can subpoena user data.
  • Behavioral Patterns: Large transfers, unusual timing, or interactions with known services (e.g., mixers, exchanges) can flag suspicious activity.
  • Cluster Analysis: Algorithms can link addresses controlled by the same entity based on shared spending patterns or inputs.

However, traceability weakens if:


  • Funds stay off centralized platforms and move through mixers or privacy-focused chains (e.g., Monero).
  • The thief is patient, laundering small amounts over years to avoid detection.
  • They use untraceable cash via P2P deals or exploit gaps in international jurisdiction.

Real-World Context


Recent high-profile Ethereum thefts, like the 2019 Upbit hack (342,000 ETH stolen) or the 2024 Peraire-Bueno brothers’ $25M exploit, show that laundering is possible but often incomplete. In the Upbit case, hackers used decentralized transfers and exchanges, yet some funds were frozen after tracing efforts by security firms and authorities. The brothers allegedly used shell companies and foreign exchanges, but their scheme was still unraveled by IRS investigators. Posts on X about recent thefts (e.g., Bybit monitoring stolen ETH) suggest ongoing efforts by exchanges and analysts to track funds, reinforcing that while laundering is feasible, it’s not foolproof.


Conclusion


The thieves could wash the stolen ETH using mixers, DEXs, OTC trades, or cross-chain bridges, aiming to break the blockchain trail and cash out. While Ethereum’s transparency makes it theoretically traceable, practical success depends on the thief’s sophistication, patience, and ability to avoid regulated choke points. Law enforcement’s growing expertise and tools mean it’s a cat-and-mouse game—much of the funds might get washed, but rarely all, especially with large-scale thefts drawing intense scrutiny.
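
The tracing side described under "Is It All Traceable?" can be sketched in a few lines. This is an added example, not part of the post above and not the method of any firm named in the thread: it follows funds forward from a theft address with a simple proportional ("haircut") taint rule and reports how much tainted value reaches labelled exchange deposit addresses. All addresses, amounts and labels are constructed.

```python
from collections import defaultdict

# Constructed sample transfers in chain order: (sender, receiver, amount in ETH).
# Address names are made-up labels, not real on-chain addresses.
TRANSFERS = [
    ("theft", "hop1", 60.0),
    ("theft", "hop2", 40.0),
    ("clean_user", "hop2", 40.0),   # unrelated funds mix into hop2
    ("hop1", "hop3", 60.0),
    ("hop2", "exchange_A", 80.0),   # half of this deposit is tainted
    ("hop3", "exchange_B", 30.0),
    ("hop3", "hop4", 30.0),         # still sitting in an unlabelled wallet
]
# Hypothetical set of addresses an analyst has labelled as exchange deposits.
EXCHANGE_DEPOSITS = {"exchange_A", "exchange_B"}


def trace(transfers, source, source_amount):
    """Forward taint tracing: every outgoing transfer carries taint in
    proportion to the tainted share of the sender's known balance."""
    balance = defaultdict(float)
    tainted = defaultdict(float)
    balance[source] = tainted[source] = source_amount
    for sender, receiver, amount in transfers:
        # Funds we never saw arrive (sender balance unknown) count as clean.
        known = min(amount, balance[sender])
        share = tainted[sender] / balance[sender] if balance[sender] > 0 else 0.0
        moved = known * share
        balance[sender] -= known
        tainted[sender] -= moved
        balance[receiver] += amount
        tainted[receiver] += moved
    return dict(tainted)


def offramp_alerts(tainted, exchanges, threshold=1.0):
    """Exchange deposit addresses holding at least `threshold` tainted ETH."""
    return sorted((addr, round(amt, 6)) for addr, amt in tainted.items()
                  if addr in exchanges and amt >= threshold)


if __name__ == "__main__":
    result = trace(TRANSFERS, "theft", 100.0)
    for addr, amt in offramp_alerts(result, EXCHANGE_DEPOSITS):
        print(f"tainted deposit: {addr} {amt} ETH")
```

The hop4 balance is the part that has not yet hit a regulated choke point, which is the portion the post says stays hard to act on.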
 