Crypto traders woke up to big wins and bigger losses on Friday. Just as Coinbase celebrated the SEC dropping its lawsuit, Bybit got drained of $1.5 billion, the biggest crypto theft ever recorded. The Dubai-based exchange, which handles $36 billion in daily trades, confirmed the breach almost immediately as CEO Ben Zhou shared via a post on X that hackers took over an Ethereum cold wallet and emptied it into an unknown address. The hack of course shook Bitcoin up a bit as it tumbled by over 3% from $98,000 to around $96,000, according to data from CoinGecko. The Bybit hack is now fueling concerns about crypto security under deregulation. With the SEC pulling back, exchanges are facing fewer compliance checks, making them easier targets for hackers. Hilary Allen, a professor at American University, warned , “Deregulated markets sound good until you have this type of attack. In the short term, we are seeing a lot of cheering for the peeling away of a lot of regulations. But be careful what you wish for.” Meanwhile, on-chain detective ZachXBT has since traced the stolen Ethereum of Bybit to wallets linked to North Korea’s Lazarus Group. The notorious state-sponsored cybercrime unit has been responsible for some of the biggest crypto heists in history, including the $235 million WazirX attack and $50 million Radiant Capital breach. Lazarus follows a long-term laundering process, making fund recovery nearly impossible. They convert stolen tokens to Ethereum, swap it for Bitcoin, and mix transactions before cashing out through Chinese OTC brokers. The process can take years, and in some cases, Lazarus has been known to sit on stolen funds for over six years before moving them. Even though Bybit secured a loan to cover withdrawals, it still has to pay it back. The stolen funds are gone for good, which means Bybit will be forced to buy Ethereum on the market to settle its debts. That creates an unusual dynamic: Bybit’s buy pressure could push ETH prices up, while Lazarus dumps ETH for Bitcoin, keeping downward pressure on BTC over time. For traders, that means Ethereum may hold steady, but Bitcoin could face long-term sell pressure as North Korea slowly cashes out its gains. Bybit faces a bank run run on withdrawals Crypto traders noticed unusual outflows from Bybit before the company even made an announcement. Soon after his statement, Zhou went live on X to properly address the community. “Hacker took control of the specific ETH cold wallet we signed and transferred all ETH in the cold wallet to this unidentified address,” Zhou said. Bitget CEO Gracy Chen downplayed the impact, saying in Chinese that: “Bybit is a respectable competitor and partner. Although the loss this time is huge, it is only their annual profit. I believe that customer funds are 100% safe. There is no need to panic or run on the bank. Come on, Ben!” By then, panic had set in. Bybit faced a massive bank run, receiving 350,000 withdrawal requests within 10 hours. The flood of exits outpaced the platform’s processing speed, leaving 2,100 requests stuck in the queue as Bybit’s team worked through the night. Even though Bybit had $16.2 billion in reserves, losing $1.5 billion in Ethereum and derivatives meant 9% of its total assets were wiped out. Zhou kept reassuring users that the exchange was solvent, but traders were not taking chances. With billions gone, Bybit had to act fast to avoid insolvency fears. Rival exchange Bitget stepped in with a 40,000 ETH ($106 million) loan to help stabilize withdrawals. Bitget( @bitgetglobal ) transferred 40,000 $ETH ($106M) to Bybit( @Bybit_Official ) as a loan to handle customer withdrawals. https://t.co/FQPc0gSLxX pic.twitter.com/y5BigWoONf — Lookonchain (@lookonchain) February 22, 2025 Zhou, running on zero sleep, told users, “Since the hack, we have experienced the most number of withdrawals that we have ever seen.” Bybit’s team processed 99.994% of requests, asking customers to “leave a comment if your withdrawal is completed.” Lazarus Group launders funds for North Korea’s weapons program Security experts at Chainalysis say Lazarus funnels stolen crypto into North Korea’s nuclear and ballistic missile program. The group has been a top target of U.S. and U.N. sanctions, but their methods keep evolving. In 2021 alone, Lazarus stole $400 million from centralized exchanges and investment firms. Interestingly, in terms of dollar value, Bitcoin now accounts for less than one fourth of the cryptos stolen by the hackers. In 2021, only 20% of the stolen funds were Bitcoin, whereas 22% were either ERC-20 tokens or altcoins. And for the first time ever, Ether accounted for a majority of the funds stolen at 58%. The laundering process has grown more complex, with Lazarus using mixers to hide transactions. Chainalysis data shows that in 2019, only 21% of stolen funds were mixed, but by 2021, that number jumped to 65%. Chainalysis said in its report, “Chainalysis has identified $170 million in current balances—representing the stolen funds of 49 separate hacks spanning from 2017 to 2021—that are controlled by North Korea but have yet to be laundered through services.” Meanwhile, Zhou updated the users that, “12 hr from the worst hack in history. ALL withdraws have been processed. Our withdraw system is now fully back to normal pace, you can withdraw any amount and experience no delays. Thanks for your patience and we are sorry that this has happened.” He added that Bybit will come out with full incident report as well as security measurement in the next few days. Cryptopolitan Academy: Are You Making These Web3 Resume Mistakes? - Find Out Here
