Bybit’s $1.4 Billion ETH Hack and the Need for ARMUR

The cryptocurrency industry was shaken on February 21, 2025, when Bybit confirmed a hack resulting in the loss of approximately $1.4 billion in Ethereum (ETH) and related tokens, marking it as the largest cryptocurrency theft in history. This incident, detailed in various reports, underscores the escalating sophistication of cyber attacks in the cryptocurrency space.

A Glance into the Bybit Hack

The Bybit hack involved a sophisticated attack on the exchange’s Ethereum cold wallet, a storage system designed to be offline for enhanced security. The breach occurred during a routine transfer from the cold wallet to a warm wallet, a process that typically involves moving funds for operational purposes while maintaining some level of connectivity. Reports indicate that hackers manipulated the signing interface, deceiving wallet signers into unknowingly approving a malicious transaction. This manipulation displayed the correct address to the signers while altering the underlying smart contract logic, enabling unauthorized access and the subsequent draining of funds.

The CEO, Ben Zhou, confirmed the theft of 401,347 ETH, valued at around $1.4 billion at the time, and reassured customers that other wallets were secure, with Bybit maintaining sufficient liquidity to honor withdrawals. Blockchain analysis firms like Elliptic and Arkham Intelligence traced the stolen funds, noting their distribution across multiple wallets and rapid liquidation, suggesting a coordinated effort possibly linked to North Korea’s Lazarus Group.

Implications and Insufficiency of Traditional Security Measures

The Bybit hack demonstrates that traditional security measures, such as cold wallets and multi-signature setups, are insufficient against modern, AI-enhanced attacks. Cold wallets, by design, store private keys offline to protect against online threats, yet the breach occurred during a transfer, exploiting the human element in the signing process (“Cryptocurrency theft of £1.1bn could be biggest ever, says Bybit”). Multi-signature wallets, requiring multiple approvals, were compromised through deception, highlighting the risk of UI manipulation and social engineering, which can bypass even robust technical safeguards.
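The mismatch described above, a signing screen that shows the expected address while the payload underneath does something else, can be caught by decoding the raw transaction fields outside the signing interface and comparing them with what was displayed. The following is an added example, not code from Bybit, ARMUR or any wallet vendor; it assumes the routine transfer is an ERC-20 `transfer(address,uint256)` call, and the field names, addresses and payloads are constructed for illustration.

```python
# Added example: every address, amount and payload here is constructed.
ERC20_TRANSFER = "a9059cbb"  # selector of transfer(address,uint256)

def decode_transfer(data_hex):
    """Return (recipient, amount) for plain transfer calldata, else None."""
    data = data_hex.lower()
    data = data[2:] if data.startswith("0x") else data
    if len(data) != 8 + 64 + 64 or data[:8] != ERC20_TRANSFER:
        return None
    addr_word, amount_word = data[8:72], data[72:136]
    if addr_word[:24] != "0" * 24:  # an address is left-padded with zeros
        return None
    return "0x" + addr_word[24:], int(amount_word, 16)

def check_request(displayed, raw, allowed_contracts):
    """Compare what the UI showed with the fields the signer will sign."""
    problems = []
    if raw["to"].lower() != displayed["contract"].lower():
        problems.append("destination differs from displayed contract")
    if raw["to"].lower() not in allowed_contracts:
        problems.append("destination not on allowlist")
    if raw.get("value", 0) != 0:
        problems.append("unexpected native value attached")
    decoded = decode_transfer(raw["data"])
    if decoded is None:
        problems.append("calldata is not a plain transfer(address,uint256)")
    else:
        recipient, amount = decoded
        if recipient != displayed["recipient"].lower():
            problems.append("recipient differs from displayed recipient")
        if amount != displayed["amount"]:
            problems.append("amount differs from displayed amount")
    return problems

def calldata(selector, address, amount):
    """Build constructed sample calldata for the demo below."""
    return "0x" + selector + address[2:].rjust(64, "0") + format(amount, "064x")

TOKEN, WARM, OTHER = "0x" + "11" * 20, "0x" + "22" * 20, "0x" + "33" * 20
DISPLAYED = {"contract": TOKEN, "recipient": WARM, "amount": 1000}
ALLOWED = {TOKEN}
HONEST = {"to": TOKEN, "value": 0, "data": calldata(ERC20_TRANSFER, WARM, 1000)}
# Same destination address as displayed, but a different call underneath
# ("deadbeef" is a placeholder selector, not a real function).
SWAPPED_CALL = {"to": TOKEN, "value": 0, "data": calldata("deadbeef", OTHER, 1000)}
REDIRECTED = {"to": TOKEN, "value": 0, "data": calldata(ERC20_TRANSFER, OTHER, 1000)}

if __name__ == "__main__":
    for name, raw in [("honest", HONEST), ("swapped", SWAPPED_CALL), ("redirected", REDIRECTED)]:
        print(name, check_request(DISPLAYED, raw, ALLOWED) or "matches display")
```

The check only helps if it runs on a device and code path independent of the interface that rendered the request, so that a compromised display cannot also alter the comparison.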

The attack’s sophistication, potentially linked to state-sponsored actors like the Lazarus Group, underscores the need for adaptive security solutions. Traditional tools, reliant on static rules and manual processes, struggle to keep pace with AI-driven attacks that can automate and scale deception.

The Role of AI in Prevention

As we move forward, AI-powered tools are becoming increasingly valuable in preventing such incidents. These tools can automate tasks, identify potential threats, and respond to incidents more effectively.

At ARMUR, we strongly advocate for the adoption of LLM-powered tools that can help prevent such incidents. We provide a wide range of AI code vulnerability scanning, which can save you time and spare you the chaos.

Conclusion and Recommendations

The Bybit hack serves as a critical reminder that cybersecurity is an ongoing battle requiring constant innovation. As AI continues to play a larger role in both attacks and defenses, organizations must prioritize investing in security.