Bybit Confirms Record-Breaking $1.46 Billion Crypto Heist in Sophisticated Cold Wallet Attack

Cryptocurrency exchange Bybit on Friday revealed that a "sophisticated" attack led to the theft of over $1.46 billion worth of cryptocurrency from one of its Ethereum cold (offline) wallets, making it the largest ever single crypto heist in history.
"The incident occurred when our ETH multisig cold wallet executed a transfer to our warm wallet. Unfortunately, this transaction was manipulated through a sophisticated attack that masked the signing interface, displaying the correct address while altering the underlying smart contract logic," Bybit said in a post on X.
"As a result, the attacker was able to gain control of the affected ETH cold wallet and transfer its holdings to an unidentified address."
In a separate statement posted on the social media platform, Bybit's CEO Ben Zhou emphasized that all other cold wallets are secure. The company further said it has reported the case to the appropriate authorities.
While there is no official confirmation from Bybit yet, Elliptic and Arkham Intelligence confirmed that the digital theft is the work of the infamous Lazarus Group. The incident makes it the biggest-ever cryptocurrency heist reported to date, dwarfing that of Ronin Network ($624 million), Poly Network ($611 million), and BNB Bridge ($586 million).
Independent researcher ZachXBT said they "connected the Bybit hack on-chain to the Phemex hack," the latter of which took place late last month.
The North Korea-based threat actor is one of the most prolific hacking groups, orchestrating dozens of cryptocurrency heists to generate illicit revenue for the sanctions-hit nation. Last year, Google described North Korea as "arguably the world's leading cyber criminal enterprise."
In 2024, it's estimated to have stolen $1.34 billion across 47 cryptocurrency hacks, accounting for 61% of all ill-gotten crypto during the time period, according to blockchain intelligence firm Chainalysis.
"Cryptocurrency heists are on the rise due to the lucrative nature of their rewards, the challenges associated with attribution to malicious actors, and the opportunities presented by nascent familiarity with cryptocurrency and Web3 technologies among many organizations," Google-owned Mandiant said last month.
OpenAI Bans Accounts Misusing ChatGPT for Surveillance and Influence Campaigns
Beware: PayPal "New Address" feature abused to send phishing emails
CVE-2025-22224 VMware ESXi and Workstation TOCTOU Race Condition Vulnerability
CVE-2020-29574 CyberoamOS (CROS) SQL Injection Vulnerability
CVE-2025-2783 Google Chromium Mojo Sandbox Escape Vulnerability
CVE-2022-43939 Hitachi Vantara Pentaho BA Server Authorization Bypass Vulnerability
CVE-2024-49035 Microsoft Partner Center Improper Access Control Vulnerability
CVE-2022-43769 Hitachi Vantara Pentaho BA Server Special Element Injection Vulnerability
CVE-2024-40890 Zyxel DSL CPE OS Command Injection Vulnerability
CVE-2025-24983 Microsoft Windows Win32k Use-After-Free Vulnerability
CVE-2017-0148 Microsoft SMBv1 Server Remote Code Execution Vulnerability
CVE-2024-20953 Oracle Agile Product Lifecycle Management (PLM) Deserialization Vulnerability
InformationalInformation Disclosure - Suspicious Comments
InformationalRe-examine Cache-control Directives
Free online web security scanner