On the night of February 21, Ben Zhou, the chief executive of the cryptocurrency exchange Bybit, logged on to his computer to approve what seemed to be a routine transaction. His business was moving a large amount of ether, a popular digital currency, from one account to another.
Thirty minutes later, Mr. Zhou got a call from Bybit's chief financial officer. In a trembling voice, the executive told Mr. Zhou that their system had been hacked.
“Everything Ethereum has disappeared,” he said.
When Mr. Zhou approved the transaction, he had inadvertently handed control of an account to hackers backed by the North Korean government, according to the FBI. They stole $1.5 billion in cryptocurrencies, the largest heist in the industry's history.
To pull off the astonishing breach, the hackers exploited a simple flaw in Bybit's security: its reliance on a free software product. They got in by manipulating a publicly available system that the exchange used to safeguard hundreds of millions of dollars in customer deposits. For years, Bybit had relied on the storage software, developed by a technology provider called Safe, even though other security companies sold more specialized tools for businesses.
The hack sent crypto markets into free fall and undermined confidence in the industry at a crucial time. Under the crypto-friendly Trump administration, industry leaders are lobbying for new American laws and regulations that would more easily repercussions in digital currencies. On Friday, the White House is scheduled to host a “crypto summit” with President Trump and senior industry officials.
Crypto security experts said they were disturbed by what the heist revealed about Bybit's security protocols. The losses were “completely avoidable”, a security company wrote in an analysis of the breach, arguing that it “should not have happened”.
The Safe storage tool is widely used in the crypto industry. But it is better suited to crypto hobbyists than to exchanges that manage billions in customer deposits, said Charles Guillemet, an executive at Ledger, a French crypto security company that offers a storage system designed for businesses.
“It really has to change,” he said. “This is not an acceptable situation in 2025.”
At Bybit, the hack set off 48 frantic hours. The company oversees up to $20 billion in customer deposits but did not have enough ether on hand to cover the losses from the $1.5 billion theft. Mr. Zhou, 38, raced to keep the company afloat by borrowing from other companies and drawing on business reserves to meet a wave of withdrawal requests. On social media, he seemed surprisingly relaxed, announcing a few hours after the theft that his stress levels were “not too bad.”
As the crisis unfolded, the price of Bitcoin, a bellwether for the industry, plunged by 20%. It was the steepest drop since the 2022 failure of FTX, the exchange run by the disgraced mogul Sam Bankman-Fried.
In an interview this week, Mr. Zhou acknowledged that Bybit had received advance warning of possible security problems. Three or four months before the hack, he said, the company noticed that the Safe software was not entirely compatible with one of its other security services.
“We should have improved and moved away from Safe,” Mr. Zhou said. “We are definitely looking to do this now.”
Rahul Rumalla, Safe's product director, said in a statement that his team had created new security features to protect users and that Safe's products were “the backbone of the treasury for some of the largest space organizations”.
“Our work is not only to repair what happened,” said Rumalla, “but to make sure that all space learns, so it does not happen again.”
Founded in 2018, Bybit operates as a crypto marketplace, where day traders and professional investors can convert their dollars or euros into Bitcoin and ether. Many investors treat exchanges like Bybit as informal banks, where they deposit crypto assets for safekeeping.
By some estimates, Bybit is the world's second-largest crypto exchange, handling tens of billions of dollars every day. Based in Dubai, it does not offer services to customers in the United States.
On February 21, Mr. Zhou was at home in Singapore, finishing work, he said in the interview.
But first, he and two other executives had to sign off on a transfer of cryptocurrencies from one account to another. These routine transfers are supposed to be secure: no single person at Bybit can execute them, creating several layers of protection against thieves.
Behind the scenes, however, a group of hackers had already broken into Safe's system, according to Bybit's audit of the hack. They had compromised a computer belonging to a Safe developer, said a person familiar with the matter, allowing them to plant malicious code to manipulate transactions.
A link sent via Safe invited Mr. Zhou to approve the transfer. It was a ruse. When he signed, the hackers took control of the account and stole $1.5 billion in crypto.
The sudden outflows showed up on the blockchain, a large public ledger of crypto transactions. Crypto analysts quickly identified the culprit as the Lazarus Group, a hacking syndicate backed by the North Korean government.
That night, Mr. Zhou went to Bybit's Singapore office to manage the crisis. He announced the hack on social media and launched a crisis protocol known within the company as P-1, pressing a button to wake up every member of the management team.
Around 1 a.m., Mr. Zhou appeared on a livestream on X, swigging a Red Bull. He promised customers that the exchange was still solvent.
“Even if this loss of hacking is not recovered, all the assets of customers are supported from 1 to 1”, he said in a post. “We can cover the loss.”
These assurances were not enough. Within a few hours, Mr. Zhou said, around half of the digital currencies held on the platform, or nearly $10 billion, had been withdrawn. The crypto market plunged.
To limit the damage, other crypto companies offered to help. Gracy Chen, the CEO of a rival exchange, Bitget, lent Bybit 40,000 ether, or around $100 million, without asking for any interest or even collateral.
“We have never questioned their ability to reimburse us,” said Ms. Chen.
Between crisis meetings, Mr. Zhou provided running commentary on X. He shared screenshots from a health app showing that his stress levels were surprisingly normal.
“Too concentrated commanding all meetings. Forgot to stress,” he wrote. “I think it will come soon when I start to really grasp the concept of losing $1.5 billion.”
After looting Bybit, the North Korean hackers spread the stolen funds across a large network of online crypto wallets, a money-laundering strategy that they also used after other heists.
“The Lazarus group is at another level,” Haseeb Qureshi, a venture capital investor, wrote on X after the theft.
Security experts faulted Bybit for putting itself at risk. To authorize the routine transfer that led to the hack, Mr. Zhou said, he used a hardware device designed by Ledger, the crypto security company. The device was not synced with Safe, he said, so he could not use it to check all the details of the transaction he was approving, which is always a risky practice in the world of crypto.
“Safe simply does not give you the types of controls you would like if you want to make operational transfers frequently,” said Riad Wahby, an IT engineering professor at Carnegie Mellon University and co-founder of the digital security company Cubist.
Mr. Zhou said he wished he had taken steps earlier to strengthen Bybit's defenses. “There are a lot of regrets now,” he said. “I should have paid more attention to this area.”
Still, Bybit continued to operate after the hack, processing all withdrawals within 12 hours, Mr. Zhou said. Shortly after the breach, he announced on X that the company was moving around $3 billion in additional crypto.
“It is a planned maneuver, for information,” he wrote. “We are not hacked this time.”