On 21 February 2025, Bybit lost nearly $1.5 billion worth of Ethereum in what became the largest cryptocurrency heist on record. Forensic investigators found the attackers had compromised a developer's device at Safe{Wallet}, the multisig platform Bybit used, to manipulate a transaction.
The FBI publicly attributed the attack to North Korea's Lazarus Group, and blockchain analysts tracked the rapid laundering of hundreds of millions of dollars across mixers and cross-chain bridges in the following weeks.
Infrastructure is the new attack surface
Notably, Bybit's own systems were not directly broken; the weak point was a trusted third-party tool in its signing workflow. The incident pushed exchanges across the industry to re-examine supply-chain risk in their custody and signing infrastructure.
