How Did It Happen?

On February 21, 2025, cryptocurrency exchange Bybit suffered one of the largest hacks in crypto history. Hackers breached the platform’s cold multi-signature wallet, resulting in the loss of 401,347 ETH, along with significant amounts of stETH, cmETH, and mETH. The total estimated losses exceeded $1.5 billion.

On-chain analysts were the first to raise alarms after noticing an unusual transaction to an unknown wallet. The concerns were confirmed when Bybit’s CEO Ben Zhou acknowledged the breach. According to him, the attackers exploited a "blind signing" method, which allowed them to manipulate transaction details and bypass the security measures of the multi-signature wallet.

Key Aspects of the Attack:

  • Hackers gained access to employee signatures through a spoofed interface.

  • They gradually altered transaction data, allowing them to redirect assets to their own wallets.

  • Most stolen funds were quickly converted through decentralized exchanges (DEXs), making tracking significantly more difficult.


Who Is Behind the Attack?

Security experts, including blockchain investigator ZachXBT, linked the attack to the North Korean hacker group Lazarus, notorious for executing similar crypto heists. Lazarus leverages sophisticated social engineering tactics and technical exploits to steal crypto assets, allegedly funding North Korea’s government operations.

On-chain data indicates that the stolen assets were laundered through decentralized protocols, with a portion converted into Bitcoin via Chainflip. However, the Chainflip team has since announced efforts to block further transactions linked to the hack.


Market & User Reaction

The Bybit hack triggered panic among users, leading to a massive withdrawal spree. Within the first 24 hours, over $5 billion was withdrawn from the exchange, setting a record in the crypto industry. However, Bybit assured its users that all customer assets remain backed 1:1 and that the company has the financial strength to cover the losses.

To stabilize the situation, Bybit secured loans from Binance, Bitget, and Crypto.com while also offering a $150 million bounty for the return of stolen funds. The hackers, however, ignored the reward and instead continued offloading ETH through KYC-free exchanges.


What’s Next for ETH?

The situation has raised serious concerns among Ethereum investors. The hackers now control such a large supply of ETH that they have the potential to significantly impact the market. There are three possible scenarios:

  1. If the hackers sell ETH gradually, the price will likely remain in a sideways trend, with macroeconomic factors playing a key role in future movements.

  2. If the hackers dump their holdings rapidly, Ethereum’s price could experience a severe drop, dragging the entire crypto market down with it.

  3. If the Ethereum Foundation decides to implement a fork (similar to the Ethereum Classic split), it could reverse the hack, but so far, there has been no official comment on this possibility.

Following the Bybit hack, the attackers have now become some of the largest Ethereum holders in the world: they own more ETH than Vitalik Buterin and the Ethereum Foundation combined. They are now among the top 14 ETH holders globally, giving them significant market influence.

The biggest concern is that Ethereum’s smart contracts do not have a mechanism to freeze or blacklist these wallets. This means the hackers can freely move, sell, and launder their assets through decentralized platforms, putting ongoing downward pressure on the market.


💡 Never store funds that you can’t afford to lose on exchanges. Use exchanges only for trading, and keep your assets in self-custody wallets, where you have full control over your private keys.
