Bybit Issues Update on the Ongoing Forensic Investigation into the Recent Security Incident

DUBAI, UAE, Feb. 27, 2025 /PRNewswire/ – Bybit, the world's second-largest cryptocurrency exchange by trading volume, today issued an important update to the community

Recently, there was a targeted attack by the Lazarus Group on protocols in the DeFi ecosystem. Lazarus Group is a North Korean state-sponsored hacking collective that has targeted cryptocurrency exchanges and protocols in the past.

Earlier this year, they had compromised the Atomic wallet and stole $718 million in cryptocurrency.

This time, they set their sights on Safe(Wallet) which provides multi-signature wallet technology for Web3 protocols and funds.

The forensic review concluded that credentials of a Safe developer were compromised which allowed the attacker to gain unauthorized access to the Safe(Wallet) infrastructure and totally deceive signers into approving a malicious transaction.

This transaction was spotted by several community members on February 20, 2024, and maliciously drained 230 BTC from a Bybit hot wallet.

After the incident, Bybit immediately engaged third-party forensic experts, including Verichains and Sygnia Labs, to conduct an independent review.

Both forensic experts have found no indications of any compromise within Bybit’s infrastructure as confirmed in SAFE’s own statement relating to the compromise of its own environment.

After the incident, Bybit also moved the majority of funds out of its Safe Wallet administered addresses on the day of the incident. Ensuring the safety and security of our users remains our top priority.

We are actively evaluating alternative wallet solutions for custody that meet the highest security standards.

"We are grateful to the community for their vigilance and support in reporting this incident. At Bybit, security and transparency are paramount.

We can confirm that the preliminary findings of the forensic experts engaged by Bybit have not indicated any compromise of Bybit’s infrastructure.

This aligns with the statements made by SAFE concerning the scope of the Lazarus Group's attack. Our focus remains on reimbursing affected users and taking steps to prevent similar incidents in the future," said Ben Zhou, Co-founder & CEO of Bybit.

Bybit is fully committed to cooperating with relevant authorities in their investigation of the Lazarus Group’s targeted attack.

We will continue to enhance our security measures and collaborate with top security experts to uphold our commitment to user safety.

Together, we aim to create a safer and more secure Web3 environment for all.