The world of cryptocurrency is in the limelight as its security has once again been called into question following the latest $1.5billion cyber attack on the Dubai-based crypto platform, Bybit. This heist has had a ripple effect on the industry, causing confidence to waver – but has the company responded in such a way that confidence can be restored?
On 21 February 2025, Bybit suffered the biggest known breach in crypto’s history, in which tokens worth $1.5billion were stolen from Bybit’s Ethereum wallet. Within 12 hours of the attack, over 350,000 withdrawal requests were made. Despite the fear surrounding the safety of funds, Bybit was able to process the requests without delays. Looking to further instil confidence in users, Bybit’s CEO, Ben Zhou, said on X: “Bybit is Solvent even if this hack loss is not recovered, all of clients assets are 1 to 1 backed, we can cover the loss.”
Two days after the hack took place, Bybit put out an official statement highlighting its efforts to reassure consumers while also noting how it is working with regulatory bodies and authorities to address the hack.
In the statement, Bybit said: “This collaboration not only facilitated a swift response but also set a precedent for future cooperation between the crypto industry and regulatory bodies. As the incident unfolds, further developments are expected from this front, potentially leading to enhanced security measures and regulatory frameworks.”
Support from the industry
In the wake of the attack, the crypto industry rallied to support the platform. Commenting on crypto exchange Bitget’s efforts in supporting Bybit, the company’s CEO, Gracy Chen, said: “At Bitget we strongly believe in supporting the community and everyone contributing towards the growth of crypto.
“The largest crypto hack in the industry was carried out on Bybit about 12 hours ago. Our systems have blacklisted hacker’s wallets. We will block any transactions flowing in from illicit addresses to the exchange once it has been monitored. Our team of security, and researchers, are currently tracking these activities. If we make any significant findings, we will share an analysis of this incident and what industry can do to avoid similar issues.
“Bitget transferred 40,000 ETH (worth roughly $105million) to Bybit to support them in dealing with the situation. These are Bitget’s own funds, which we have sent for the goodwill of the cryptospace. All Bitget’s users’ funds are securely stored on our platform and users can check the proof of reserve accordingly.
“As of now, Bybit has already processed 99 per cent of the withdrawals on the platform. Bybit is a respected competitor and partner to us. This loss, even though extremely significant, is roughly about a year’s profit of the exchange. We will continue to monitor the incident, and if Bybit needs more support we’re here to provide.”
Has Bybit done enough to restore investor confidence?
Exploring the impact of Bybit’s efforts following the attack, Kurt Wuckert Jr., CEO and founder of the mining company Gorilla Pool, said: “Bybit has attempted to downplay the severity of the breach by quickly replenishing reserves and assuring users that funds are fully backed 1-to-1.
“While this may pacify immediate concerns, it does nothing to address the deeper structural vulnerabilities (lack of training and reliance on insecure contracts operated by untrained insiders) that led to the hack in the first place. Their response is reactive rather than proactive—more damage control than actual reform.
“Trust in crypto platforms has already been eroded by a long history of similar breaches, and Bybit’s situation reinforces the notion that EVM-based systems are inherently insecure. While users may feel relieved if their funds are reinstated, the deeper issue remains: these platforms are operating with outdated, exploitable architecture and little incentive to fix it.”
Impact on the wider crypto ecosystem
Following the news of the hack, the crypto market experienced a dip. While not solely due to the heist, the breach of Bybit’s security played a big part in the drop in funds. The news of President Donald Trump’s tariffs also impacted the sector, as Bitcoin dropped below $90,000 for the first time since November 2024. Initially, the price of Ethereum also dropped by four per cent following the news of the attack; however, the price has since returned to pre-attack figures.
Bybit’s statement echoed this recovery, explaining that activity on the platform had already surpassed activity before the attack.
Currently, the North Korean Lazarus Group is being held responsible.
Bouncing back from a hack
This is not the first time the cryptocurrency industry’s security standards have been called into question. Following the pandemic, there was a boom in the crypto world, but it also seemed to attract the wrong attention.
In August 2021, around $610million was stolen from the Poly Network. Not even a year later, the gaming-based crypto network, Ronin Network, announced that $620million had been stolen in March 2022.
Commenting on the current attitudes towards security in the crypto sector following the hack, Charles St. Louis, CEO of DELV, the crypto mining infrastructure provider, said: “The Bybit hack is a reminder that security remains a critical issue in centralised exchanges. Even if users are reimbursed, the reputational damage is significant.
“Trust in centralised platforms is fragile in crypto, and every major hack reinforces the case for decentralised, self-custodial solutions, where battle-tested security is a prerequisite to successful scaling.”
This can happen to anyone
Making a case that the attack shouldn’t impact confidence in Bybit, Robert Johnson, co-CEO and CTO at Komainu, the digital asset custody solution provider, said: “Seeing the Bybit attack as a pure cryptocurrency hack is disingenuous. In essence, it was a classic cybersecurity compromise, a perceived social engineering attack that horizontally infected the organisation’s desktops, intermediating and corrupting the transaction signing workflow.
“Every organisation in the world is susceptible to this form of attack, and very rarely is it the case that the exfiltration of cryptographic key shards is the weakness. $1.5billion is a large number, but small when set against the $9.5trillion lost globally to cyberattacks in 2024.
“Trust is not a product of ‘cold’ wallets – they are no defence without appropriate governance workflows, segregated duties and strong endpoint security. The classic defence in depth against cyber hacking is a pre-requisite for all organisations, especially those that operate within financial services. Trust can be garnered via certifications such as SOC 2 Type 2, and via regulatory oversight. These processes test governance around workflows and such requirements are critical to the institutional adoption of cryptoassets.
“Crypto exchanges remain outside the regulatory framework at present, institutions will realise that engaging with regulated, certified partners to safeguard off exchange solutions where asset security is the primary concern is the best approach to a trusted solution.”