
Bybit Hack Puts Crypto Losses at $1.6B, Surpassing All of Last Year in Just Two Months

Bybit's $1.46B hack by North Korea's Lazarus Group pushes 2025 crypto losses to $1.6B in just two months, already surpassing all of 2024's $1.49B total.

Sarah Gooding

March 3, 2025

Record-breaking losses have shaken the crypto ecosystem in the wake of the $1.46 billion Bybit attack, which currently ranks as the largest digital heist ever recorded. The cryptocurrency industry started 2025 with devastating financial losses, according to the latest report from blockchain security platform Immunefi. In just the first two months of this year, crypto projects have lost a staggering $1.6 billion to security breaches—already surpassing the entire 2024 total of $1.49 billion.

This represents an alarming 8x increase compared to the same period last year, when losses totaled approximately $200 million.

February's Catastrophic Numbers

February 2025 alone accounted for $1.53 billion in losses across nine specific hacking incidents, marking an 18x increase from February 2024 ($81.6 million) and a 20x surge from January 2025 ($73.9 million).

The majority of these losses were concentrated in two high-profile attacks:

  • Bybit Exchange: Lost a catastrophic $1.46 billion
  • Infini (stablecoin bank): Lost $49.5 million

The Bybit attack alone represents 95.5% of February's total losses and has delivered a major blow to the centralized finance (CeFi) sector.

CeFi vs. DeFi: A Stark Contrast

February's attack pattern reveals an interesting dynamic between centralized and decentralized finance platforms:

  • CeFi: 95.5% of total losses from a single incident (Bybit)
  • DeFi: 4.5% of total losses spread across 8 separate incidents

While DeFi has historically been considered more vulnerable to attacks, this massive CeFi breach demonstrates that no sector of the crypto ecosystem is immune to sophisticated threat actors.

The North Korean Connection

Security experts and intelligence agencies have attributed the Bybit attack to the notorious Lazarus Group, a North Korean state-sponsored hacking collective. This represents a concerning escalation in the group's operations: it successfully targeted one of the world's largest cryptocurrency exchanges.

The group's involvement aligns with their recent pattern of increasingly sophisticated attacks. In January 2025, our security researchers uncovered a Lazarus operation targeting developers through a malicious npm package called "postcss-optimizer." This package contained BeaverTail malware designed to steal credentials and cryptocurrency wallet information from developers' systems. The attack specifically targeted private keys from various crypto wallets including MetaMask, Phantom, Binance Wallet, and Coinbase Wallet.

Using malware-infected npm packages is nothing new for this group, as they've repeatedly leveraged the open source ecosystem to target developers with access to valuable cryptocurrency infrastructure and codebases. These diverse activities across the cryptocurrency ecosystem—from supply chain attacks on developers to major exchange breaches like Bybit—demonstrate the group's persistent focus on cryptocurrency theft as a means of generating revenue for the North Korean regime. While these appear to be separate campaigns, they demonstrate the breadth of Lazarus Group's targeting within the crypto sector.

In her assessment of the incident, security researcher Taylor Monahan highlighted a critical vulnerability in the cryptocurrency industry's security posture: even the most well-funded organizations within the crypto ecosystem remain insufficiently prepared to defend against determined adversaries like the Lazarus Group.

She specifically identified the persistent issue of "blind-signing" as a fundamental flaw that makes such attacks predictable. This practice, where cryptocurrency users authorize transactions without comprehensively examining their details, creates an exploitable gap that attackers can target—exactly as demonstrated in the Bybit incident.
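
The opposite of blind-signing, shown as an added example (not code from Socket, Bybit, or any wallet vendor): before approving, decode the raw calldata and compare it with what the interface displayed, refusing anything that cannot be decoded. It covers only the ERC-20 `transfer(address,uint256)` call, all addresses are constructed sample values, and it assumes the check runs on a device separate from the one that rendered the display.

```javascript
// Added example: pre-signing check that the bytes match the displayed intent.
const TRANSFER_SELECTOR = "a9059cbb"; // ERC-20 transfer(address,uint256)

// Decode ERC-20 transfer calldata; return null for anything else.
function decodeTransfer(calldata) {
  const hex = calldata.toLowerCase().replace(/^0x/, "");
  // 4-byte selector + two 32-byte ABI words = 136 hex characters
  if (!/^[0-9a-f]*$/.test(hex) || hex.length !== 8 + 64 + 64) return null;
  if (hex.slice(0, 8) !== TRANSFER_SELECTOR) return null;
  const addrWord = hex.slice(8, 72);
  // An address occupies the low 20 bytes; the high 12 bytes must be zero.
  if (!/^0{24}/.test(addrWord)) return null;
  return {
    to: "0x" + addrWord.slice(24),
    amount: BigInt("0x" + hex.slice(72, 136)),
  };
}

// Compare what the signer was shown with what the transaction encodes.
function checkBeforeSigning(displayed, tx) {
  const decoded = decodeTransfer(tx.data);
  if (decoded === null) {
    return { ok: false, reason: "undecodable calldata: signing would be blind" };
  }
  if (tx.to.toLowerCase() !== displayed.token.toLowerCase()) {
    return { ok: false, reason: "contract differs from displayed token" };
  }
  if (decoded.to !== displayed.recipient.toLowerCase()) {
    return { ok: false, reason: "recipient differs from displayed recipient" };
  }
  if (decoded.amount !== displayed.amount) {
    return { ok: false, reason: "amount differs from displayed amount" };
  }
  return { ok: true, reason: "calldata matches displayed intent" };
}

// Constructed sample values (not taken from any real transaction).
const TOKEN = "0x" + "11".repeat(20);
const ALICE = "0x" + "aa".repeat(20);
const MALLORY = "0x" + "bb".repeat(20);
const encode = (to, amount) =>
  "0x" + TRANSFER_SELECTOR + to.slice(2).padStart(64, "0") +
  amount.toString(16).padStart(64, "0");

const shown = { token: TOKEN, recipient: ALICE, amount: 1000n };
console.log(checkBeforeSigning(shown, { to: TOKEN, data: encode(ALICE, 1000n) }));
console.log(checkBeforeSigning(shown, { to: TOKEN, data: encode(MALLORY, 1000n) }));
console.log(checkBeforeSigning(shown, { to: TOKEN, data: "0xdeadbeef" }));
```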

Most Targeted Chains

Hackers continue to focus their efforts on established blockchain networks:

  • BNB Chain and Ethereum: Together suffered 8 individual attacks (4 each), accounting for 72.8% of total losses across targeted chains
  • Other affected chains: Abstract, Mode, and Optimism (each suffered one attack)

Top Hacks of February 2025

Beyond the major Bybit and Infini breaches, several other projects experienced significant losses:

  1. zkLend: $9.5 million
  2. Ionic Money: $8.6 million
  3. Cardex: $400,000
  4. Four.Meme: $183,000
  5. Cashverse: $107,900
  6. BankX: $43,000
  7. GoldReserve NFT: $8,500

The unprecedented scale of losses in early 2025 signals a worrying trend for cryptocurrency security. With state-backed hackers setting an aggressive tone for the year, experts anticipate continued attacks targeting crypto infrastructure.

These major breaches highlight the urgent need for stronger security measures across the industry. As attacks grow more sophisticated—including not just technical exploits but also social engineering and insider threats—crypto platforms must prioritize comprehensive security strategies that address the full spectrum of potential vulnerabilities.

Record Breaches May Trigger Regulatory Scrutiny

The surge in successful attacks—particularly against a major exchange like Bybit—raises serious questions about the industry's security readiness. With $1.6 billion lost in just two months, investor confidence may face significant headwinds throughout 2025.

The involvement of state-backed actors like the Lazarus Group signals a troubling escalation in threat sophistication. Their successful targeting of one of the largest exchanges demonstrates that even well-funded platforms with substantial security resources remain vulnerable.

As the Trail of Bits analysis concludes, these attacks reveal an escalating pattern, with each compromise building on the last. The progression from the WazirX Exchange ($230M, July 2024) to Radiant Capital ($50M, October 2024) and finally to Bybit ($1.5B, February 2025) demonstrates an alarming evolution in both scale and sophistication.

"In each case, the attackers didn’t exploit smart contract or application-level vulnerabilities," the Trail of Bits team wrote. "Instead, they compromised the computers used to manage those systems using sophisticated malware to manipulate what users saw versus what they actually signed."

These high-profile incidents could accelerate regulatory scrutiny in 2025. The unprecedented scale of the Bybit hack in particular may prompt regulators to revisit existing frameworks for cryptocurrency exchange security.

As the cryptocurrency market continues to mature, the tension between innovation and security remains unresolved. These record-breaking losses may ultimately serve as a catalyst for industry-wide security standards that have thus far remained elusive.
