On the night of February 21, Ben Zhou, the CEO of the crypto exchange Bybit, logged on to his computer to approve what seemed to be a routine transaction. His company was moving a large amount of ether, a popular digital currency, from one account to another.
Thirty minutes later, Mr Zhou received a call from Bybit's financial director. In an agitated voice, the executive told Mr Zhou that their system had been hacked.
“All Ethereum is gone,” he said.
When Mr Zhou approved the transaction, he had inadvertently handed control of an account to North Korean hackers, who, according to the FBI, stole $1.5 billion in cryptocurrencies, the largest heist in the industry's history.
To pull off the astonishing breach, the hackers exploited a simple flaw in Bybit's security: its reliance on a free software product. They penetrated Bybit by manipulating a publicly available system that the exchange used to safeguard hundreds of millions of dollars in customer deposits. For years, Bybit had relied on the storage software, developed by a technology provider called Safe, even as other security companies sold more specialized tools for businesses.
The hack sent crypto markets into a free fall and undermined confidence in the industry at a critical time. Under the Trump administration, crypto industry executives are pressing for new US laws and regulations that would make it easier for people to pour their savings into digital currencies. On Friday, the White House is scheduled to host a "crypto summit" with President Trump and top industry officials.
Crypto security experts said they were concerned about what the heist revealed about Bybit's security protocols. The losses were "completely preventable", a security company wrote in an analysis of the breach, arguing that "it should not have happened".
Safe's storage tool is widely used in the crypto industry. However, it is better suited to crypto hobbyists than to exchanges that handle billions in customer deposits, said Charles Guillemet, an executive at Ledger, a French crypto company that offers a storage system designed for companies.
“This must really change,” he said. “It is not an acceptable situation in 2025.”
At Bybit, the hack set off a frantic 48 hours. The company oversees up to $20 billion in customer deposits, but it didn't have enough ether to cover the losses of $1.5 billion. Mr Zhou, 38, scrambled to keep the business alive by borrowing from other companies and drawing on corporate reserves to cover the surge in withdrawal requests. On social media, he seemed remarkably relaxed, announcing a few hours after the theft that his stress levels were "not too bad".
As the crisis unfolded, the price of Bitcoin, a bellwether for the industry, plunged 20%. It was the steepest fall since the 2022 failure of FTX, the exchange run by the disgraced mogul Sam Bankman-Fried.
In an interview this week, Mr Zhou acknowledged that Bybit had had advance warning of possible problems with Safe. Three or four months before the hack, he said, the company observed that the software was not fully compatible with one of its other security services.
“We need to upgrade and move away from Safe,” Mr Zhou said. “We definitely want to do it now.”
Rahul Rumalla, Safe's head of product, said in a statement that his team had created new security features and that Safe's products were "the treasury backbone for some of the largest organizations in the area".
“Our job is not only to correct what happened,” Mr Rumalla said, “but to ensure that the whole space is learning from it, so this will not happen again.”
Founded in 2018, Bybit operates as a crypto marketplace, where day traders and professional investors can convert their dollars or euros into Bitcoin and ether. Many investors treat exchanges such as Bybit as informal banks, where they deposit their crypto holdings for safekeeping.
By some estimates, Bybit is the second-largest crypto exchange in the world, processing tens of billions of dollars each day. Based in Dubai, it does not serve customers in the United States.
On February 21, Mr Zhou was at home in Singapore, completing some work, he said in an interview.
But first, he and two other executives had to sign off on the transfer of cryptocurrency from one account to another. Such routine transfers are supposed to be safe: no single person at Bybit can execute them alone, creating multiple layers of protection against thieves.
Behind the scenes, however, a group of hackers had already broken into Safe's system, according to Bybit's audit of the hack. A computer belonging to a Safe developer had been compromised, a person with knowledge of the matter said, allowing the hackers to plant malicious code to manipulate transactions.
A link sent through Safe invited Mr Zhou to approve the transfer. It was a ruse. When he signed, the hackers took control of the account and stole $1.5 billion in crypto.
The sudden outflows showed up on the blockchain, a public ledger of crypto transactions. Crypto analysts quickly identified the culprit as the Lazarus Group, a hacking syndicate backed by the North Korean government.
That night, Mr Zhou went to Bybit's Singapore office to manage the crisis. He announced the hack on social media and launched a crisis protocol known within the company as a P-1, pressing a button to wake up every member of the leadership team.
Around 1 a.m., Mr Zhou appeared on a livestream on X, swigging a Red Bull. He promised customers that Bybit was still solvent.
“Even if this hack loss is not recovered, all customers’ assets are 1 to 1 supported,” he said in one post. “We can cover the loss.”
These assurances were not enough. Within a few hours, Mr Zhou said, about half of the digital coins deposited on the platform, or about $10 billion, had been withdrawn. The crypto market sank.
To limit the damage, other crypto companies offered to help. Gracy Chen, the chief executive of a rival exchange, Bitget, lent Bybit 40,000 ether, or about $100 million, without asking for any interest or even collateral.
“We never questioned their ability to pay us,” Ms Chen said.
Between crisis meetings, Mr Zhou provided running commentary on X. He shared screenshots from a health app, showing that his stress levels were surprisingly normal.
“Too much focused on all meetings. You forgot to stress,” he wrote. “I think it will come soon when I really start understanding the meaning of $1.5b loss.”
After plundering Bybit, the North Korean hackers spread the stolen funds across a vast web of crypto wallets, a money-laundering strategy they had used after other heists.
“The Lazarus Group is on another level,” wrote Haseeb Qureshi, a venture investor, on X after the theft.
Security experts faulted Bybit for exposing itself to the risk. To authorize the routine transfer that led to the hack, Mr Zhou said, he used a hardware device designed by Ledger, the crypto company. The device was not in sync with Safe, he said, so he could not use it to verify the complete details of the transaction he was approving, which is always a dangerous practice in the crypto world.
“Safe just doesn’t give you the types of checks you would like if you are going to often make business transfers,” said Riad Wahby, professor of computer engineering at Carnegie Mellon University and co-founder of Cubist Digital Security.
Mr Zhou said he wished he had acted earlier to strengthen Bybit's defenses. “There is a lot of regret now,” he said. “I should have paid more attention to this area.”
Still, Bybit continued to operate after the hack, processing all withdrawals within 12 hours, Mr Zhou said. Shortly after the breach, he announced on X that the company was moving about $3 billion in crypto.
“This is planned maneuver, FYI,” he wrote. “We’re not a hacker this time.”