The attack compromised the Safe{Wallet} multisig interface used by Bybit to manage its cold reserves. Lazarus used targeted phishing against Bybit engineers. Bybit fully reimbursed customers from insurance and new capital, surviving what would have killed most exchanges. The hack advanced discussions around multisig UI security, hardware signing, and the limits of cold storage when the signing device itself is compromised.
attack·February 21, 2025
Bybit $1.5B Hack
North Korea's Lazarus Group exploits Bybit's cold wallet signing process, stealing 401,346 ETH — largest crypto hack ever.