The $1.5 Billion Bybit Heist: How Hackers Pulled Off the Largest Crypto Theft in History


The world of cryptocurrency was shaken on February 21, 2025, when the Dubai-based exchange Bybit fell victim to what is now considered the largest digital theft in history. Hackers made off with roughly 401,000 ETH, valued at about $1.5 billion at the time. While headlines are resurfacing today, February 24, 2026, on the one-year anniversary, the case remains a fascinating mix of cybercrime, geopolitics, and blockchain detective work.


How the Hack Happened

Unlike traditional hacks that break through firewalls, the Bybit heist was a sophisticated supply chain attack. The hackers targeted a developer at Safe (formerly Gnosis Safe), a platform Bybit used to secure its offline “cold” wallets. By compromising the developer’s workstation, they were able to manipulate the user interface.

When Bybit employees signed what appeared to be a routine transfer, the funds were quietly redirected to 51 wallets controlled by the attackers. This method, dubbed “TraderTraitor”, combined UI manipulation and insider access, showing just how advanced modern cybercrime has become.


Who Is Behind the Theft?

Investigations by the FBI and blockchain analytics firms like Chainalysis point to the Lazarus Group, a notorious, state-sponsored cybercrime collective linked to North Korea (DPRK). Unlike typical hackers, this group works as a revenue stream for the North Korean state, funding nuclear and ballistic missile programs.

Their operations are global, with headquarters in Pyongyang and “front” companies in countries such as China, Malaysia, and Russia. Previous Lazarus hits include the Ronin Network heist ($620 million), WannaCry ransomware (2017), and the Bangladesh Bank robbery ($81 million stolen). Clearly, the Bybit theft was just the latest in their record of high-stakes digital attacks.


Tracking the Stolen Funds

The crypto community and law enforcement have been meticulously tracking the digital trail. Lazarus used advanced laundering techniques, including cross-chain hopping, mixers, and unregulated OTC brokers in Southeast Asia, sometimes called the “Chinese Laundromat”, to convert the stolen ETH into usable cash.

Despite these efforts, only about $40 million (less than 3%) has been frozen or recovered so far, while analysts estimate the group may have converted 60–70% of the loot into hard currency. Blockchain monitoring shows that 85% of the funds remain traceable, highlighting both the transparency and the challenge of digital currencies.


Market and Industry Impact

The heist sent ripples through the crypto market. On the anniversary of the hack, investors often moved assets from centralized exchanges to self-custody wallets, reflecting a growing concern over exchange security.

Bybit itself survived the blow, with CEO Ben Zhou emphasizing that the exchange’s $20 billion in assets allowed them to maintain operations and cover user withdrawals. However, the event underscores the risks of centralized exchanges, even with robust security measures in place.


Balancing the Threats and Responses

The Lazarus Group’s operations illustrate the tension between global security and digital finance. On one hand, these state-backed attacks fund illicit programs; on the other, they reveal vulnerabilities in supply chains and developer workflows that even the largest exchanges face.

Recovery efforts, including a $140 million bounty, demonstrate the crypto community’s willingness to cooperate with authorities, though state-sponsored hackers may be beyond traditional deterrence. The incident also prompts discussions about regulatory oversight, self-custody solutions, and the role of blockchain analytics in protecting the ecosystem.


What Comes Next

As of February 2026, the Bybit heist continues to be one of the most monitored cases in crypto history. Lazarus is reportedly evolving its tactics with Medusa ransomware and laundering-as-a-service models, while authorities watch key Ethereum and Bitcoin addresses closely.

The story serves as a stark reminder that cryptocurrency, while decentralized, is not immune to real-world geopolitics and cybercrime. For investors, developers, and regulators, the Bybit case is a call to remain vigilant, innovate security practices, and understand that digital theft on this scale carries implications far beyond finance.

