The recent attack on Dubai-based crypto exchange Bybit has further put the spotlight on the security of cryptocurrencies but has also proven that swift action and a robust company war chest is critical in controlling the effects of a hack.
And while Bybit was able to prevent the incident from spiralling out of control, the effects of the attack was also immediate, in addition to raising some questions about the prospects of the industry that has exploded in recent months.
"The management of [Bybit] handled the situation relatively well but the implications are various," Manuel Villegas, next generation research analyst at Swiss bank Julius Baer. "The resolution of this situation might take years and the blockchain’s transparency has made the offloading of stolen assets very cumbersome."
What happened to Bybit?
Bybit was hit by a cyber attack on February 21, in which 401,000 Ethereum worth more than $1.5 billion was stolen.
The brazen crime was carried out through a "manipulation of the transfer process, during a planned routine transfer" on one of its cold wallets, the company said.
A cold wallet is cryptocurrency storage that is not connected to the internet, shielding it from the possibility of theft or hacks.
The value of the Bybit hack already makes up more than half of cumulative funds stolen in 2024, according to data from blockchain company Chainalysis.
Who was responsible?
According to the US Federal Bureau of Investigation on Thursday, North Korea was responsible for the Bybit theft. The agency said it refers to this specific North Korean malicious cyber activity as "TraderTraitor", where cyber actors from the Asian nation are targeting organisations in the blockchain technology and cryptocurrency industry.
"TraderTraitor actors are proceeding rapidly and have converted some of the stolen assets to Bitcoin and other virtual assets dispersed across thousands of addresses on multiple blockchains," the FBI said in a public service announcement.
North Korea has gained notoriety for being involved in not only crypto attacks: hackers affiliated with the country stole $1.34 billion across 47 incidents last year, almost a 103 per cent increase year-on-year, Chainalysis' 2025 Crypto Crime Report shows.
That represents 61 per cent of the total amount stolen for the year and a fifth of all incidents, the New York-based company said.
"Hackers linked to North Korea have become notorious for their sophisticated and relentless tradecraft, often employing advanced malware, social engineering and cryptocurrency theft to fund state-sponsored operations and circumvent international sanctions," said Andrew Fierman, head of national security intelligence at Chainalysis.
Where does the value of the Bybit hack rank all-time?
At the top – and it's not even close: the $1.5 billion stolen from the company is more than double the $625 million lost by Ronin Network in 2022.
Other hacks above the half-billion mark include Poly Network's $611 million in 2021, Binance BNB Bridge's $569 million in 2022 and Coincheck's $532 million in 2018.
The first major crypto hack was the 2011 attack on Mt Gox, in which it lost $473 million, while FTX, whose founder Sam Bankman-Fried was in 2024 sentenced to 25 years in prison for its collapse, lost $477 million in 2022 – a day after it filed for bankruptcy.
Bybit's response
Bybit said it took "swift action, transparency and professionalism", and its founder and chief executive, Ben Zhou, "took immediate ownership of the situation" and addressed the situation in a live-stream on X.
Mr Zhou guaranteed that all client funds were safe withdrawals as usual and none of Bybit's other cold wallets were affected. Within 12 hours of the hack, the company was able to process more than 350,000 withdrawal requests "efficiently", it added.
Bybit also garnered support from its peers. Crypto exchange Bitget said its security and research team was helping Bybit in tracking activities related to the hack, and that it would share any analysis of this incident and "what industry can do to avoid similar issues", Bitget chief executive Gracy Chen had said.
How has it affected the crypto market?
Sentiment in the cryptocurrency market has become extremely cautious, exacerbated by the Bybit hack, according to investment platform eToro.
The Crypto Fear and Greed Index, used to measure the mood of the market, declined sharply from a level of 55 (neutral) to 21 (extreme fear) within less than a week.
The situation has also been reflected in the price of Bitcoin: the world's first and biggest cryptocurrency crashed about 20 per cent in the last month on the weakening of the Donald Trump effect across markets, outflows from exchanged-traded funds and the Bybit hack.
Bitcoin was trading at a little over $86,400 at 4pm UAE time on Thursday. It had soared to a record of more than $109,000 ahead of Mr Trump's inauguration in January.
"Bitcoin had been showing resilience until it reached the $92,000 level, which had served as support since November 2024. The break below this level likely triggered a series of liquidations, intensifying the downwards pressure on the price," said Simon Peters, a crypto analyst at eToro.
Still, eToro encourages long-term investors to keep perspective; for investors with liquidity and long-term confidence in Bitcoin, this correction could present an opportunity to strengthen their holdings, it said.
"While large price movements can be concerning, they are typical in any asset class. We should remember that Bitcoin is still 70 per cent higher than it was a year ago," Mr Peters added.
