Bybit hack and other major cryptocurrency incidents

23 Mar 2025 Author: Maria Ohnivchuk

Lessons that changed the crypto industry

Blockchain was a technology that promised to be invulnerable, transparent and secure. However, like any innovation, it has gone through a series of trials that not only tested its strength, but also catalyzed its evolution. Hacks, leaks, technical failures — big incidents have left a mark on the history of the crypto industry, forcing developers, investors and regulators to rethink their approaches to security and reliability.

What if these incidents are not just a series of random mistakes, but natural, imminent stages of development? What if each hack or leak is not a failure, but an opportunity to make the system more secure? After all, these crises have made blockchain technology what it is today: not perfect, but constantly improving.

In this article, we will analyze the biggest incidents that shook the crypto world. We will not just list the facts, but try to understand what lessons have been learned, how these events have affected the blockchain architecture and approaches to security. Let’s look at the most significant events, starting with the most recent large-scale hack in the history of the crypto industry, which literally stunned the market in early 2025.

Bybit hack (February 21, 2025)

The scale and mechanism of the attack

The largest theft in the history of cryptocurrencies. Most sources (FBI, AP, Business Insider, DL News, TRM Labs) indicate that Lazarus Group (TraderTraitor), a state-sponsored entity from North Korea, was behind the attack.

The security incident at Bybit, the world’s second-largest crypto exchange, occurred during a routine transfer of funds from a cold multi-signature (multisig) wallet to a hot wallet to support the exchange’s daily operations.

The hackers carried out a sophisticated attack in which:

  • they compromised the infrastructure of the Safe multi-signature wallet (also known as Gnosis Safe) used by the exchange to protect cold funds;
  • they spoofed the wallet’s user interface, i.e. used a masked transaction technique;
  • signatories (exchange employees) saw the correct transaction data (correct recipient address and transfer amount), but actually signed the fraudulent transaction with their keys.

As a result of the manipulation, the attackers gained control of the funds and withdrew approximately 401,346 ETH (about 1.46 billion U.S. dollars) to addresses under their control. The attackers almost completely laundered the stolen funds in just 10 days — moving and converting the stolen assets via DEX, cross-chain bridges and a mixer.

The exchange promptly responded to the incident and received help from many companies and organizations, although the lion’s share of funds could not be saved. 

However, the incident did not practically affect the exchange’s position in the market. After the world’s largest theft, Bybit’s share of the crypto exchange market fell from 12% to 8%, and according to other estimates — to 6%. Nevertheless, the exchange remains the second-largest cryptocurrency exchange. This indicates a high level of economic security, as opposed to information security.

Vulnerabilities and weaknesses exploited

The following Bybit security vulnerabilities were exploited in the attack:

  1. Supply chain vulnerabilities: insufficient auditing, testing and monitoring of the security of the cold wallet development lifecycle, its infrastructure and developer personnel, as well as critical reliance on a web-based user interface that was tampered with.
  2. Missing recipient address validation on the Ledger device due to limitations of its GUI: the last signer of the transaction, Bybit CEO Ben Zhou, could not see the full recipient address on the hardware key’s display and so missed the validation step.
  3. Other flaws, such as the use of a weak Safe smart contract designed for small users rather than the enterprise level, and the lack of additional layers of transaction security checks, were further vulnerabilities that indirectly contributed to the incident.

Warning Signals Before an Attack

Could the attack have been prevented even with these vulnerabilities in place? Although complete information about the pre-attack signals has not been made available to the public, the analysis shows that the following indicators could have pointed to preparations for a hack:

  • Abnormal activity on the system:
    • Uncharacteristic increase in authorization attempts.
    • Unusual notifications from signer devices.
  • Signs of phishing campaigns:
    • Suspicious messages related to transaction confirmation.
    • Requests that do not conform to the company’s standard workflow.
  • Technical anomalies:
    • Abnormal behavior in the web interface logs of the signing system.
    • Traces of attempts to spoof data in the system.

We hope that the increased demand for monitoring such indicators will lead to the further development of on-chain and off-chain security services, as well as real-time management of security events in centralized systems.
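The indicators listed above can be turned into concrete detection logic. The following is an added example, not Bybit’s or Safe’s telemetry: it runs over constructed signing-portal log lines, and the key=value log format, the pinned UI build hash and the thresholds are assumptions.

```python
"""Detection logic for the pre-attack indicators listed above.

Added example, not Bybit's or Safe's telemetry: the key=value log format,
the pinned UI hash and the thresholds are assumptions; the log lines are
constructed.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample from a hypothetical signing-portal log.
SAMPLE_LOG = """\
2025-02-21T10:00:01Z signer=ops1 event=auth_attempt result=ok
2025-02-21T10:00:05Z signer=ops1 event=ui_bundle hash=0xabc123
2025-02-21T10:20:00Z signer=ops2 event=auth_attempt result=fail
2025-02-21T10:20:10Z signer=ops2 event=auth_attempt result=fail
2025-02-21T10:20:20Z signer=ops2 event=auth_attempt result=fail
2025-02-21T10:20:30Z signer=ops2 event=auth_attempt result=fail
2025-02-21T10:21:00Z signer=ops2 event=auth_attempt result=ok
2025-02-21T10:25:00Z signer=ops2 event=ui_bundle hash=0xdeadbeef
2025-02-21T10:26:00Z signer=ops2 event=tx_display to=0x1111 value=100
"""

PINNED_UI_HASH = "0xabc123"     # assumed hash of the reviewed, approved UI build
FAIL_THRESHOLD = 3              # assumed: this many failures inside WINDOW is abnormal
WINDOW = timedelta(minutes=10)


def parse_line(line):
    """Parse one 'timestamp k=v k=v ...' line into a dict with a datetime 'ts'."""
    ts_str, *kvs = line.split()
    fields = dict(kv.split("=", 1) for kv in kvs)
    fields["ts"] = datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ")
    return fields


def detect(log_text):
    """Return (timestamp, signer, alert) tuples in log order."""
    alerts = []
    fails = defaultdict(deque)   # signer -> timestamps of failures inside WINDOW
    untrusted_ui = set()         # signers whose session loaded an unapproved UI build
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        signer, ts = ev.get("signer", "?"), ev["ts"]
        if ev["event"] == "auth_attempt" and ev["result"] == "fail":
            window = fails[signer]
            window.append(ts)
            while ts - window[0] > WINDOW:       # drop failures older than WINDOW
                window.popleft()
            if len(window) == FAIL_THRESHOLD:    # fire once when the burst is reached
                alerts.append((ts, signer, "auth_burst"))
        elif ev["event"] == "ui_bundle":
            if ev["hash"] != PINNED_UI_HASH:
                alerts.append((ts, signer, "ui_integrity_mismatch"))
                untrusted_ui.add(signer)
            else:
                untrusted_ui.discard(signer)
        elif ev["event"] == "tx_display" and signer in untrusted_ui:
            # A transaction rendered by an unapproved UI build is the masked
            # transaction scenario: escalate before anyone signs.
            alerts.append((ts, signer, "tx_on_untrusted_ui"))
    return alerts


if __name__ == "__main__":
    for ts, signer, kind in detect(SAMPLE_LOG):
        print(ts.isoformat(), signer, kind)
```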

The impact on the security of multi-signature solutions

A legitimate question arises: if the multisig wallets Bybit used did not protect it, does that discredit multisig solutions in general?

Multisig wallets with hardware keys are the current security standard in the cryptocurrency world. The Bybit incident was a critical moment in understanding the security of multisig wallets.

The attack on Bybit revealed vulnerabilities not in the cryptographic multi-signature scheme, but in the operational processes and transaction validation interfaces. When properly implemented (hardware keys, isolated signing devices, and rigorous multi-level verification procedures), multi-signature is still a robust security mechanism.

The main conclusion is not that multi-sig wallets have become insecure, but rather the need to strengthen measures to protect the surrounding infrastructure, improve employee training, and implement additional layers of transaction authentication.

Lessons from the Bybit incident

The incident taught a good lesson not only to exchanges, but also to a wide range of cryptocurrency users. In particular, the need for the following security measures was demonstrated once again:

  • Use of multi-layered security systems, including multi-signature wallets and additional mandatory access control measures on hardware wallets, with little to no opportunity to circumvent these measures.
  • Regular training of employees and users in phishing and social engineering detection, including regular attack simulations to assess preparedness.
  • Traditional smart contract audits do not cover off-chain threats. Therefore, security audits should be comprehensive and should also include audits of the infrastructure and all technological processes of organizations, not just blockchain algorithms.
  • Improved systems for monitoring the security of the development environment and infrastructure, transaction monitoring and rapid response to platform anomalies.
  • Exchange-level enterprise systems handling billions of dollars should not rely on legacy components that are tolerable for small users.
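The masked transaction described above, the skipped validation on the hardware key, and the lessons just listed all come down to one control: the signer independently recomputes what is being signed and checks it against policy before using the key. The following is an added example and not Bybit’s, Safe’s or Ledger’s code; its digest is hashlib.sha3_256 over a simple canonical encoding, standing in for the real Safe transaction hash (an assumption), and all addresses and amounts are constructed.

```python
"""Pre-signing verification of a multisig transfer, modelled on the Bybit lesson.

Added example, not Bybit's, Safe's or Ledger's code. The digest is
hashlib.sha3_256 over a simple canonical encoding (assumption), standing in
for the real Safe transaction hash; addresses and amounts are constructed.
"""
import hashlib
import json
from dataclasses import dataclass, asdict

DIGEST_LEN = 66  # "0x" + 64 hex characters


@dataclass(frozen=True)
class Transfer:
    to: str         # recipient address
    value_wei: int  # amount to transfer
    data: str       # hex calldata; "0x" for a plain transfer
    nonce: int      # multisig nonce, binds the digest to one transaction


def canonical_digest(tx: Transfer) -> str:
    """Digest computed by the signer, independently of the web UI."""
    enc = json.dumps(asdict(tx), sort_keys=True, separators=(",", ":")).encode()
    return "0x" + hashlib.sha3_256(enc).hexdigest()


@dataclass(frozen=True)
class Policy:
    allowed_recipients: frozenset  # lowercase addresses, e.g. the hot wallet
    max_value_wei: int


def verify_before_signing(displayed: Transfer, device_digest: str, policy: Policy) -> list:
    """Return reasons to refuse signing; an empty list means all checks passed.

    displayed:     fields as shown by the web UI (and confirmed out-of-band)
    device_digest: the full hash the hardware key asks the signer to approve
    """
    problems = []
    if len(device_digest) != DIGEST_LEN:
        # A truncated display cannot be verified at all; never approve on a prefix.
        problems.append("truncated digest on device; cannot verify, refuse")
    elif device_digest.lower() != canonical_digest(displayed).lower():
        problems.append("device digest differs from digest of displayed transaction")
    if displayed.to.lower() not in policy.allowed_recipients:
        problems.append(f"recipient {displayed.to} is not on the allowlist")
    if displayed.value_wei > policy.max_value_wei:
        problems.append("value exceeds the per-transaction cap")
    if displayed.data != "0x":
        problems.append("unexpected calldata on a plain transfer")
    return problems


# Constructed values: a hot-wallet address, an unrelated address, and a cap.
HOT_WALLET = "0x" + "11" * 20
OTHER_ADDR = "0x" + "aa" * 20
POLICY = Policy(frozenset({HOT_WALLET}), max_value_wei=10_000 * 10**18)

# What the signers saw in the UI ...
LEGIT = Transfer(to=HOT_WALLET, value_wei=1_000 * 10**18, data="0x", nonce=42)
# ... and a masked transaction with the same nonce but a different recipient,
# whose digest is what a tampered UI would hand to the hardware key.
MASKED = Transfer(to=OTHER_ADDR, value_wei=1_000 * 10**18, data="0x", nonce=42)

if __name__ == "__main__":
    print("honest UI:", verify_before_signing(LEGIT, canonical_digest(LEGIT), POLICY))
    print("masked tx:", verify_before_signing(LEGIT, canonical_digest(MASKED), POLICY))
    print("truncated:", verify_before_signing(LEGIT, canonical_digest(LEGIT)[:10], POLICY))
```

The digest check catches the masked transaction even when the displayed fields look correct, and the truncated case is refused outright rather than compared on a visible prefix.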

In the coming months, the crypto industry will show how well it has learned these lessons.

Have such lessons been learned before? What should they be in order to mitigate not only known risks, but also security risks that are not yet widespread but are growing? To answer these questions, it is important to consider other significant security incidents from previous years that have shaped the current understanding of risk in the crypto industry.

Major blockchain security incidents of the past few years

Unfortunately, even with advanced security technologies, attackers are constantly finding new ways to exploit vulnerabilities — whether at the level of smart contracts, infrastructure, or human error.

Below, we’ll analyze the most telling security incidents of recent years to form a better picture of how cryptocurrency asset protection techniques have evolved to not only respond to, but also preempt growing threats.

Solana failures (2023)

A series of outages of the Solana network revealed fundamental problems with the architecture: vulnerability to spam attacks, problems with validators, and difficulties with network upgrades. The damage from these incidents is difficult to assess, as it was largely temporary and compensable. Many experts estimate the damage from these incidents to be at least several tens, if not hundreds, of millions of dollars.

Lessons from the Solana incident:

  • The importance of balancing speed and stability.
  • The need for protection against DDoS attacks and decentralization of validators.
  • The need to carefully manage network load and develop mechanisms to prevent spam attacks and congestion. 
  • Effective change management and timely software updates are critical to maintaining network stability.
  • Advanced monitoring systems are needed to detect anomalies early and prevent potential problems.
  • Well-established alert systems and transparent information help to respond to problems faster and restore normal network operations.

Ronin Network hack (2022)

In March 2022, one of the biggest incidents in the world of decentralized finance (DeFi) occurred. Hackers attacked the Ronin Network, a sidechain backed by the Axie Infinity game. The attackers stole about 625 million U.S. dollars.

Lessons from the Ronin Network incident:

  • The attack exposed weaknesses in cross-chain bridge security. The main lesson was the realization of the need to implement multiple layers of protection and conduct regular security audits.
  • A high degree of centralization of validators increases risks. The number of validators should be increased and distributed among independent participants.
  • Rapid detection of anomalous activity and a quality alert system should prevent or minimize damage from attacks in a timely manner.
  • Collaboration between partner teams such as Sky Mavis and Axie DAO should be transparent and secure to prevent possible vulnerabilities.

Terra collapse (2022)

The crash of the UST algorithmic stablecoin and the LUNA token was a systemic shock to the entire crypto industry. This incident was more of an algorithm failure than a crime. That said, there is a less popular opinion that this failure could have been caused by a massive attack on the UST stabilization mechanism.

Either way, the damage from the incident is worth including in our review. The failure led to hyperinflation of LUNA and the loss of more than 40 billion U.S. dollars of capitalization.

Lessons from the Terra incident:

  • The lack of backing by physical assets makes algorithmic coins extremely vulnerable to market shocks.
  • Since the crash, investors and regulators have focused on the need for stricter regulations for cryptocurrencies, especially for stablecoins.
  • Interest in models backed by real assets has grown. This could be the basis for a new wave of stable digital currencies.
  • A move to be backed by fiat reserves, treasury bonds, or gold is seen as a way to avoid similar disasters in the future.

Poly Network hack (2021)

One of the largest hacks in DeFi. The hacker stole more than 600 million U.S. dollars by exploiting a vulnerability in the cross-chain protocol. The incident is unique in that the hacker returned all funds and engaged in a public dialog through the transactions, calling the hack “white-hat hacking.”

Lessons from the Poly Network incident:

  • Risks of cross-chain bridges.
  • The importance of rigorous testing of smart contracts.
  • The desirability of assigning fair rewards to anonymous security researchers to motivate them to work in a legitimate field.

KuCoin hack (2020)

Hackers stole the private keys of KuCoin’s “hot wallets,” stealing 281 million U.S. dollars worth of cryptocurrencies. What made this incident peculiar was the rapid response of the ecosystem. Major exchanges froze suspicious addresses, and projects conducted hardforks to block stolen tokens. Most of the funds were recovered.

However, as the Bybit incident showed, large popular networks like Ethereum now refuse to conduct hard forks even to save much larger sums. The projects cite violations of legitimate users’ interests: such hard forks can cause damage greater than the value of the stolen funds.

Lessons from the KuCoin incident:

  • The importance of rapid hack detection and response plan.
  • The effectiveness of collaboration between projects.

Coincheck hack (2018)

Japanese exchange Coincheck became the victim of one of the largest hacks in cryptocurrency history at the time. Hackers stole 523 million NEM tokens (about 535 million U.S. dollars) due to storing funds in an unsecured “hot wallet.”

Lessons from the Coincheck incident:

  • The criticality of separating hot and cold wallets.
  • Introduction of strict security standards and mandatory user verification.

The DAO hack on Ethereum (2016)

The DAO (the first decentralized autonomous organization) incident was a turning point for Ethereum. A hacker exploited a vulnerability in a smart contract that allowed multiple withdrawals through recursive function calls. As a result, 3.6 million ETH (about 60 million U.S. dollars at the time) was stolen.

Lessons from the incident with The DAO on Ethereum:

  • The critical importance of auditing smart contracts.
  • Introduction of formal code verification.
  • At the time, the possibility of a “soft” blockchain fork for remediation.

Mt. Gox (2014 and 2011)

Mt. Gox, the largest bitcoin exchange at the time, has come to symbolize both the rise and fall of the crypto industry. Its story began in 2010 when Jed McCaleb repurposed the “Magic: The Gathering” card trading platform into a Bitcoin exchange. However, as early as 2011, the exchange faced its first major attack. It was one of the first and most significant crypto exchange hacks in history.

The hackers gained access through a hacked auditor’s computer. This allowed them to manipulate prices and conduct fictitious transactions. The incident revealed critical vulnerabilities: lack of access rights segregation, weak protection of administrative accounts, and data storage in unencrypted form.

The real disaster occurred in 2014. It turned out that hackers had been stealthily withdrawing bitcoins through a vulnerability in the transaction processing system for years. When the truth came out, it turned out that about 480 million U.S. dollars (7% of all bitcoins at the time) had been stolen.

This became the largest hack in the history of cryptocurrencies, and not only at the time. The reverberations of that incident, such as compensation to victims, are still affecting the bitcoin exchange rate. If we recalculate the damage at the current exchange rate, we get an unprecedented amount of 70 billion U.S. dollars.

Lessons from the Mt. Gox incidents:

  • Implementation of separation into hot and cold wallets.
  • Regular audits of reserves and use of multi-signature wallets.
  • Development of decentralized exchanges and non-custodial wallets.

These measures are still actively used today, so the experience of Mt. Gox has undoubtedly served the industry well.

General lessons from the biggest incidents

From these incidents, the blockchain industry has drawn the following general conclusions:

  1. Centralization is a significant vulnerability. The Mt. Gox, Coincheck and KuCoin incidents confirm this.
  2. The complexity of the technology creates new risks. The DAO and Poly Network hacks showed that even a small error in the code can lead to catastrophic consequences.
  3. Economic mechanisms require rigorous testing. The Terra crash demonstrated the dangers of insufficiently tested financial models.
  4. Speed of development often conflicts with security. Solana’s problems are a prime example of how the pursuit of performance can lead to instability.

Modern cryptoproject architecture is the result of many lessons learned. These include multi-layered security systems, strict auditing procedures, decentralized management and transparent operations. The industry has learned from past mistakes, but the emergence of new technologies is constantly creating new security challenges.

How to prevent future blockchain incidents

We’ve looked at the biggest incidents in blockchain history, each of which has been an important lesson for the crypto industry. But what’s next? How can we not only avoid repeating past mistakes, but also anticipate future ones and make the blockchain ecosystem more robust?

In this section, we look at best practices, innovations, and strategies to help minimize risks and prevent future incidents.

Technical improvements

The development of tools for static and dynamic code analysis helps improve security by helping to identify bugs and vulnerabilities at various stages of development. Static analysis checks the code without executing it, while dynamic analysis examines the code while it is running.

The use of hardware wallets and multi-signature systems provides an additional level of protection. Hardware wallets guarantee a high level of key protection, while multi-signature systems require multiple keys to confirm transactions. This makes access much more difficult for attackers.

Improving cross-chain protocols and bridges is also essential, as secure bridges and communication protocols between different blockchains are important to prevent attacks and asset theft.

In today’s rapidly evolving cyber threat environment, the practical application of innovation is of particular value. An illustrative example of the effectiveness of this approach was the implementation of an artificial intelligence (AI) threat monitoring system for one of our clients. The implementation of this system resulted in an 84% reduction in the risk of security incidents. This served as a significant factor in building confidence on the part of investors and partners.

Organizational measures

Regular independent security audits play an important role in securing blockchain projects. Hiring third-party experts allows for the timely detection of potential vulnerabilities before they are exploited by attackers. The effectiveness of these audits is greatly enhanced when combined with well-designed incident response plans. They ensure that the team responds quickly and cohesively when threats occur, minimizing potential damage.

An important component of organizational security is also the systematic training of both developers and users in blockchain security. Regular training and educational programs raise general awareness and develop the practical skills needed to prevent security incidents.

The creation of specialized user-fund insurance funds, similar to Binance’s SAFU, forms an additional layer of protection for users. Such initiatives significantly strengthen trust in platforms, as they guarantee reimbursement of funds in case of unforeseen situations.

Regulatory initiatives

Cryptocurrency laws and regulations are rapidly evolving. Stricter requirements for cryptocurrency exchanges and projects are becoming a key factor in reducing the number of incidents. The introduction of strict security standards and compliance with regulatory requirements create a basis for the stable functioning of the market.

In parallel, a system of mandatory licensing of crypto platform operators is being developed. This allows for more effective control over their activities and guarantees compliance with established security criteria.

An important area is the development of unified standards for stablecoins and other financial instruments. This provides the necessary transparency and security, contributing to the formation of reliable financial products in the cryptocurrency market.

The role of the community

The community plays a fundamental role in making an ecosystem more secure. Programs to encourage responsible vulnerability disclosure (bug bounty) create incentives for experts to share their findings. This significantly improves the security of projects. Educational initiatives create a security culture and increase the general awareness of market participants about potential risks and protection methods.

Decentralized management systems (DAOs) are becoming an important tool for increasing transparency in the industry. They enable community members to directly influence decision-making processes and control project development. This reduces risks and improves governance mechanisms.

Recommendations for users

Last but not least, a set of security measures is related to the human factor. We will never tire of repeating that user errors account for a significant proportion of the causes of all incidents, not only in blockchain technology, but in IT in general.

To reduce the risks of loss, it is necessary to follow the most important security rules and best practices:

  • Using hardware wallets and non-custodial solutions. Storing keys on hardware devices provides a high level of security and reduces risk.
  • Enable two-factor authentication (2FA) on all platforms. 2FA adds an extra layer of protection, making unauthorized access more difficult.
  • Regular software updates and verification of applications. Keeping software up to date and using only validated applications helps avoid known vulnerabilities.
  • Caution when interacting with new and untested projects. It is important to thoroughly vet new projects before investing or using them to avoid possible risks.
  • Compliance with security policies and procedures. It is often too tedious to comply with all the rules, but we must remember that they protect us not only from intruders, but also from our own mistakes. Any deviations, exceptions, or waivers should not be applied spontaneously, but should be carefully analyzed, collectively evaluated, and systematically implemented in the form of changes to existing rules as appropriate to balance security and convenience.

Predictions for the next 5 to 10 years: the future of blockchain security

Based on lessons learned, let’s look at how security practices in the blockchain industry may change over the decade. Advances in technology and the emergence of new threats are shaping new standards and approaches to protecting digital assets and data.

Evolution of threats and defense mechanisms

In addition to traditional attacks on smart contracts and DeFi platforms, new threat vectors are emerging, such as those related to blockchain integration with IoT devices. Data privacy issues in public blockchains are of particular concern. This stimulates the development of technologies like zk-SNARKs and homomorphic encryption.

Formal verification of smart contracts is becoming a cornerstone of security in blockchain development. Projects such as Tezos and Cardano are already demonstrating the effectiveness of this approach to mathematically prove the correctness of code before it is deployed. By 2030, this method is likely to become a mandatory standard for all serious blockchain platforms.

With the development of quantum computing, the industry will face the need to fundamentally revise approaches to cryptography. The transition to quantum-resistant encryption algorithms will become not just a technological trend, but a necessary condition for the survival of blockchain projects.

In parallel, artificial intelligence will take center stage in monitoring and defense systems. Some platforms are already demonstrating how AI can effectively detect anomalies and prevent attacks in real time.

Regulatory risks are also becoming a significant factor. Tightening KYC/AML requirements creates additional challenges for projects balancing legal compliance and user data protection.

New professions and competencies

The transformation of the industry is generating demand for new specialties. Especially in demand are smart contract auditors who can perform deep code analysis and identify potential vulnerabilities.

Blockchain cyber threat analysts are becoming key players in securing networks by applying advanced AI technologies to predict and prevent attacks. The growing complexity of the regulatory environment is creating demand for blockchain regulatory consultants, and the development of cross-network communication requires specialists in the design and implementation of cross-chain protocols.

A new trend is emerging — cyber insurance in blockchain. Within this area, specialized managers develop products to protect projects and users from financial losses in the event of cyberattacks.

Interconnectivity and decentralization

Particular attention is being paid to the development of interconnection standards. Projects like Polkadot and Cosmos are paving the way for the secure exchange of data and assets between different blockchains.

In parallel, decentralized storage solutions such as IPFS and Filecoin are evolving. They make systems more resilient to hacking due to their distributed architecture.

All of these changes are shaping a new security paradigm in the blockchain industry. In this paradigm, technological innovations, professional competencies and regulatory requirements create a complex but effective system for protecting digital assets and data.

Conclusions

With each new major incident, blockchain security moves to a whole new level. Years of trial and error have taught, are teaching, and will continue to teach the industry a lot. Now even small startups use multi-level protection, undergo regular audits and implement advanced monitoring systems. Previously, even large companies did not do this.

Along with defense methods, hacking methods are evolving. New attack vectors related to social engineering and vulnerabilities in related systems are emerging. Developers have to be constantly on the alert, improving methods and means of defense.

Experience shows that truly reliable systems are created only with the active participation of the community. Open source code, bug bounty programs, public discussions of updates — all this helps to find and fix potential problems in a timely manner.

Ultimately, blockchain security depends on all participants in the ecosystem. Developers must create secure protocols, auditors must scrutinize code and configurations, users must comply with security rules, and investors must prioritize the most trusted and reputable technologies, projects, and developers.

For our part, we are ready to be your trusted partner in this process. If you would like to learn more about our solutions or discuss opportunities for cooperation, please leave a request for a free consultation.

Only together can we ensure sustainable technology development and protect your funds from new threats.
