Bybit was hacked and more than $1.5 billion in crypto assets were stolen, setting a record for the largest theft in crypto history. Hackers used malicious contracts and social engineering to manipulate transactions and transferred a large amount of ETH and stETH.
On the evening of February 21st, the cryptocurrency market was hit by a shock. Bybit, the world's second-largest cryptocurrency exchange, was hacked. Over 400,000 ETH and more than 90,000 stETH were stolen, with a total value of over $1.5 billion. This incident instantly became the focus of the cryptocurrency field and may set a record as the largest theft in the history of cryptocurrency.
The Detailed Process of the Hacker Attack
On the night of February 21st, Beijing time, during a routine transfer, Bybit detected unauthorized activity in its Ethereum cold wallet. The transfer was part of an official plan to move ETH from the multi-signature cold wallet to the hot wallet. However, the transaction was manipulated by a complex attack. The attacker first deployed a malicious contract and completed the deployment of the malicious implementation contract on February 19th. On February 21st, through the signatures of three Owners, the Safe contract was replaced with a malicious version, and malicious logic was then embedded. Finally, the backdoor functions sweepETH and sweepERC20 were called to transfer all of the ETH and stETH in the cold wallet to an unknown address. Each step followed closely on the last, and the methods were well concealed.
Speculation on the Mastermind Behind the Attack
On-chain investigator ZachXBT and the SlowMist security team, based on their analysis, strongly suspect that the North Korean hacker group Lazarus Group is behind this attack. From a technical perspective, the attacker used techniques commonly employed by the Lazarus Group. For example, through social engineering, they may have obtained information about the operations of Bybit's internal finance team in advance, learned when the ETH multi-signature cold wallet transfer would take place, and induced the signatories to sign malicious transactions on a forged interface. Moreover, the hacker address is associated with the addresses in previous attacks on BingX and Phemex.
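Because the signers may have been shown a forged interface, a control that does not depend on that interface is to review the raw transaction fields before each owner signs. The sketch below is an added example, not Bybit's or Safe's code: it uses the `to`, `value`, `data` and `operation` fields of a Safe transaction, and every address, allowlist and sample transaction in it is constructed for illustration.

```python
CALL, DELEGATECALL = 0, 1        # values of the Safe transaction "operation" field
ERC20_TRANSFER = "a9059cbb"      # selector of transfer(address,uint256)
# Constructed addresses, for illustration only.
HOT_WALLET = "0x" + "11" * 20    # approved destination
TOKEN = "0x" + "22" * 20         # approved token contract
UNKNOWN = "0x" + "99" * 20       # address on no allowlist

def transfer_calldata(recipient, amount):
    """Build ERC-20 transfer calldata (used here only to make sample input)."""
    return "0x" + ERC20_TRANSFER + recipient[2:].rjust(64, "0") + format(amount, "064x")

def review_safe_tx(tx, recipients, tokens):
    """Return reasons to refuse signing; an empty list means the tx matches policy."""
    findings = []
    to = tx["to"].lower()
    data = tx["data"].lower()
    if data.startswith("0x"):
        data = data[2:]
    if tx["operation"] == DELEGATECALL:
        # The target's code would run against the wallet's own storage.
        findings.append("delegatecall: target code runs with the wallet's own storage")
    elif tx["operation"] != CALL:
        findings.append("unknown operation value")
    if not data:
        # Plain ETH transfer: the destination itself must be approved.
        if to not in recipients:
            findings.append(f"ETH destination {to} is not an approved recipient")
    elif data[:8] == ERC20_TRANSFER and len(data) == 8 + 64 * 2:
        # Token transfer: check the token contract and the decoded recipient.
        recipient = "0x" + data[8 + 24:8 + 64]
        if to not in tokens:
            findings.append(f"token contract {to} is not approved")
        if tx["value"] != 0:
            findings.append("token transfer should not carry ETH")
        if recipient not in recipients:
            findings.append(f"token recipient {recipient} is not an approved recipient")
    else:
        findings.append("calldata is not a plain transfer; decode and review by hand")
    return findings

# Constructed sample transactions.
routine = {"to": HOT_WALLET, "value": 10**18, "data": "0x", "operation": CALL}
token_bad = {"to": TOKEN, "value": 0,
             "data": transfer_calldata(UNKNOWN, 5), "operation": CALL}
suspicious = {"to": UNKNOWN, "value": 0, "data": "0xdeadbeef", "operation": DELEGATECALL}

if __name__ == "__main__":
    for name, tx in [("routine", routine), ("token_bad", token_bad), ("suspicious", suspicious)]:
        print(name, review_safe_tx(tx, {HOT_WALLET}, {TOKEN}))
```

The check is only useful when it runs on a machine separate from the one that rendered the signing interface, and when its input is the payload actually being signed.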
The Drastic Reaction of the Market
After the news broke, the cryptocurrency market was in an uproar. The price of Ether fell by more than 4% at one point, and Bybit's platform token BYB plummeted by more than 10% within an hour. In a panic, a large number of users demanded to withdraw funds, with over 350,000 withdrawal requests. As of last Saturday, the amount of customer withdrawals exceeded $5.3 billion. However, Ben Zhou, the co-founder and CEO of Bybit, quickly responded that even if the losses cannot be recovered, Bybit is able to pay out because the platform has $20 billion in reserve assets and all customer assets are backed 1:1. On Monday, Ben Zhou stated that Bybit has fully made up for the stolen $1.4 billion in Ether. It obtained 446,870 Ether, worth $1.23 billion, from loans, large-scale holders, and other channels.
Reflection and Vigilance in the Industry
This incident has put the entire cryptocurrency industry on high alert. Changpeng Zhao, the co-founder of Binance, emphasized that the attacked exchanges used different multi-signature solution providers, indicating that the hacker's methods are a systemic problem rather than one targeting a single vendor. Industry executives suggest that the transparency of transactions in the cryptocurrency industry should be improved and that the industry should shift from traditional multi-signature setups to a more secure architecture. In recent years, security incidents in the cryptocurrency market have occurred frequently, from hacker attacks to the collapse and fraud of exchanges. The Bybit theft has once again sounded the alarm for the industry: security remains a crucial issue that cryptocurrency trading platforms cannot afford to ignore.