
Bybit data breach and inherent CEX weaknesses result in financial losses

Findings from the 2025 crypto-crime report indicate that over 75% of cryptocurrency losses can be attributed to misconduct in centralized exchanges (CEX), such as Bybit.


In a shocking turn of events, a North Korean state-sponsored hacking collective known as the Lazarus Group carried out a cyberattack against the popular cryptocurrency exchange platform, Bybit, in February 2025. The breach resulted in the theft of 1.5 billion Ethereum tokens, making it the largest cryptocurrency heist in history.

The Lazarus Group, infamous for their use of phishing techniques and malware, employed several sophisticated methods to execute the Bybit hack. According to a mid-2025 report on cryptocurrency crime, the hackers used social engineering and insider access, compromised signature machines, phishing attacks, cross-chain bridges, and privacy tools for laundering the stolen assets.

The social engineering tactic involved gaining insider access by exploiting human vulnerabilities such as trust and psychological manipulation. The hackers also compromised Bybit's signature machines, giving them control over transactions and enabling them to transfer funds without raising alarms.

Phishing attacks, while not explicitly mentioned for Bybit, are a common tactic used by the Lazarus Group. These attacks involve sending deceptive emails or messages to trick victims into divulging sensitive information or installing malware.

After stealing the funds, the hackers laundered the assets using cross-chain bridges and privacy tools. This involved moving the stolen Ethereum across multiple blockchains and using crypto mixers to obscure the transaction trail, making it difficult to track the funds.

The hackers moved the stolen Ethereum to different blockchains within a short period, often using anonymity-focused exchanges and wrapped tokens to further disguise the origin and ownership of the funds.

The report on cryptocurrency crime emphasises the critical role of human error and social engineering as the main security vulnerabilities for digital currencies. The perpetrators of the Bybit hack used social engineering to steal access to a dedicated signing machine, highlighting the significance of human error in these attacks.

The Bybit hack is one of eleven cyberattacks targeting centralized exchange (CEX) platforms mentioned in the report. These attacks, including the Bybit hack, are responsible for nearly 75% of this year's cryptocurrency losses, totaling approximately $2.17 billion.

The report notes that attack tactics have recently evolved, with state-sponsored malicious actors exploiting human factors and insider access. Despite the presence of technical protective measures, the risk of human error remains significant.

Platforms with high liquidity are prime targets for sophisticated cyberattacks, as seen in the breaches of SmartEx, Nobitex, and BitoPro, which are highlighted as examples of the growing vulnerabilities of CEX platforms.

The Bybit hack and subsequent laundering have contributed to the rise in cryptocurrency-related crime in 2025. However, the research disputes the idea that decentralized finance (DeFi) is the primary target, rather than centralized exchange platforms.

As the cryptocurrency market continues to grow, it is essential for platforms to strengthen their security measures and remain vigilant against such sophisticated attacks.

The Lazarus Group, known for their involvement in finance and cybersecurity, employed social engineering and compromised signature machines in the Bybit hack, highlighting the significance of human error in these attacks, despite the presence of technical protective measures. After stealing the funds, they laundered the assets using cross-chain bridges and privacy tools, making it difficult to track the funds and emphasizing the growing vulnerabilities of centralized exchange platforms.
