
In February 2025, Bybit, a major crypto exchange, lost $1.5 billion in Ethereum (ETH) from a cold wallet. North Korean hackers from the Lazarus Group were behind it. They didn’t break the tech—they tricked the people. Here’s the story.
Bybit used a multisig cold wallet, requiring multiple signers, like CEO Ben Zhou, to approve transfers. These wallets are offline, meant to be ultra-secure. The hackers used social engineering, likely phishing, to target Zhou. During a routine transfer to a hot wallet (online storage), they sent a fake request. The signing interface, run by Safe{Wallet}, looked normal but hid malicious code. When Zhou and others signed, they handed control to the hackers.
In minutes, 400,000 ETH vanished. The Lazarus Group laundered some funds but left most traceable. Bybit covered the loss with its $20 billion reserves, ensuring user funds stayed safe. The breach came from a hacked Safe{Wallet} developer’s laptop, not Bybit’s core systems. It’s the biggest crypto heist ever, showing human error can topple even the best defenses.
Special Comment: Humans Are the Weak Spot
The Bybit hack stands out because it wasn’t a tech flaw—it was a people problem. The Lazarus Group, known for funding North Korea’s weapons, didn’t need to crack encryption. They fooled a busy CEO into clicking “approve.” This proves a key point: as crypto tech gets stronger, hackers target humans instead. Multisig wallets sound invincible, but they’re only as good as the people holding the keys.
Are Crypto Exchanges Still Safe?
Yes, but with caveats. The Bybit hack hit the exchange, not users—client funds were untouched. Bybit’s transparency and reserves helped it recover fast. Most big exchanges use cold storage and audits to stay secure. But this attack shows state-backed hackers, like Lazarus, are a growing threat. Crypto trading is safe if you pick trusted platforms, but no one’s immune to human mistakes.
Can Automation Fix This?
You asked if skipping human signers for cold-to-hot transfers could stop hacks like this. Maybe. An automated system—think smart contracts or hardware triggers—could cut out the human error the Bybit hack exploited. No one to trick, no breach.
But it’s not perfect:
- Bugs: Automation needs flawless code. One glitch, and hackers strike remotely.
- Flexibility: Humans can pause transfers in a crisis. Machines might not.
- New Risks: Hackers could target the system itself, like they did with Safe{Wallet}’s developer.
Automation might have dodged this specific Bybit hack. Still, the real fix needs better interfaces—like foolproof transaction previews—plus human oversight, not less.
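As an added illustration of the "transaction preview" idea above (not code from Bybit or Safe{Wallet}), the following Python sketch checks the raw payload a signer is about to approve against a policy for routine cold-to-hot ETH transfers, independently of what the web interface displays. The field names `to`, `value`, `data`, `operation` and `nonce` are real Safe transaction fields; the `SafeTx` and `TransferPolicy` classes, the policy rules, and all addresses and amounts are assumptions constructed for the example.

```python
from dataclasses import dataclass

CALL, DELEGATECALL = 0, 1  # Safe "operation" field: 0 = call, 1 = delegatecall
WEI_PER_ETH = 10**18

@dataclass(frozen=True)
class SafeTx:
    """Raw fields of the payload about to be signed (not what the UI displays)."""
    to: str
    value_wei: int
    data: bytes
    operation: int
    nonce: int

@dataclass(frozen=True)
class TransferPolicy:
    """Hypothetical rules for a routine cold-to-hot ETH transfer."""
    hot_wallets: frozenset
    max_value_wei: int
    expected_nonce: int

def review(tx: SafeTx, policy: TransferPolicy) -> list:
    """Return reasons to refuse signing; an empty list means the payload fits policy."""
    findings = []
    if tx.to.lower() not in policy.hot_wallets:
        findings.append("destination is not an approved hot wallet")
    if tx.operation != CALL:
        findings.append("operation is not a plain call")
    if tx.data:
        findings.append("ETH transfer carries unexpected calldata")
    if not 0 < tx.value_wei <= policy.max_value_wei:
        findings.append("value outside the approved range")
    if tx.nonce != policy.expected_nonce:
        findings.append("nonce does not match the wallet's next nonce")
    return findings

# Constructed sample data: addresses and amounts are placeholders.
HOT = "0x" + "11" * 20
POLICY = TransferPolicy(frozenset({HOT}), 5_000 * WEI_PER_ETH, expected_nonce=71)
ROUTINE = SafeTx(HOT, 1_000 * WEI_PER_ETH, b"", CALL, 71)
# Same nonce as a routine request, but the raw payload targets an unknown
# contract via delegatecall with calldata, whatever the interface shows.
TAMPERED = SafeTx("0x" + "ab" * 20, 0, bytes.fromhex("deadbeef"), DELEGATECALL, 71)

if __name__ == "__main__":
    for name, tx in (("routine", ROUTINE), ("tampered", TAMPERED)):
        problems = review(tx, POLICY)
        print(name, "-> OK to sign" if not problems else "-> REFUSE: " + "; ".join(problems))
```

A check like this only helps if it runs on a device and code path separate from the signing interface, so that a compromise of the interface does not also compromise the check.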