How the Bybit crypto exchange lost $1.5 billion to North Korean hackers

On the night of February 21, Ben Zhou, chief executive of the cryptocurrency exchange Bybit, logged on to his computer to approve what seemed to be a routine transaction. His company was moving a large amount of ether, a popular digital coin, from one account to another.

Thirty minutes later, Mr. Zhou received a call from Bybit's chief financial officer. With a trembling voice, the executive told Mr. Zhou that their system had been hacked.

“All Ethereum is gone,” he said.

When Mr. Zhou approved the transaction, he had inadvertently handed control of an account to North Korea-based hackers, according to the FBI. They stole $1.5 billion in cryptocurrency, the largest heist in industry history.

To pull off the stunning breach, the hackers exploited a simple flaw in Bybit's security: its reliance on a free software product. They penetrated Bybit by manipulating a publicly available system that the exchange used to protect hundreds of millions of dollars in customer deposits. For years, Bybit relied on the storage software, developed by a technology provider called Safe, even as other security firms sold more specialized tools for businesses.

The hack sent cryptocurrencies into a free fall and undermined confidence in the industry at an important time. Under the crypto-friendly Trump administration, industry executives are lobbying for new U.S. laws and regulations. On Friday, the White House is planning to host a "crypto summit" with President Trump and senior industry officials.

Crypto security experts said they were concerned about what the heist revealed about Bybit's security protocols. The losses were "completely preventable", a security firm wrote in an analysis of the breach, arguing that it "should not have happened".

Safe's storage tool is widely used in the cryptocurrency industry. But it is better suited to cryptocurrencies than to exchanges that handle billions in customer deposits, said Charles Guillemet, an executive at Ledger, a French crypto security firm that offers a storage system created for companies.

“This really has to change,” he said. “There is an acceptable situation in 2025.”

At Bybit, the hack set off 48 frantic hours. The company oversees up to $20 billion in customer deposits, but it did not have enough ether on hand to cover the $1.5 billion in losses from the heist. Mr. Zhou, 38, raced to keep the business afloat by borrowing from other firms and relying on corporate reserves to meet a surge in withdrawal requests. On social media, he seemed surprisingly calm, announcing hours after the theft that his stress levels were not "too bad".

As the crisis unfolded, the price of Bitcoin, a bellwether for the industry, plunged 20 percent. It was the steepest fall since the 2022 failure of FTX, the exchange run by the disgraced mogul Sam Bankman-Fried.

In an interview this week, Mr. Zhou admitted that Bybit had prior warning of possible problems with Safe. Three or four months before the hack, he said, the company noticed that the software was not fully compatible with one of its other security services.

“We must have been updated and leave Safe,” said Mr. Zhou. “We are definitely looking to do it now.”

Rahul Rumalla, the chief product officer of Safe, said in a statement that his team had created new security features to protect users and that Safe's products were "Treasury spine for some of the largest organizations in space".

"Our work is not just to fix what happened," Mr. Rumalla said, "but to ensure that the whole space learns from it, so that doesn't happen again."

Founded in 2018, Bybit operates as a cryptocurrency marketplace, where day traders and professional investors can turn their dollars or euros into Bitcoin and ether. Many investors treat exchanges like Bybit as informal banks, where they deposit cryptocurrency assets for safekeeping.

According to some estimates, Bybit is the world's second-largest crypto exchange, processing tens of billions of dollars every day. Based in Dubai, it offers no customer services in the United States.

On February 21, Mr. Zhou was at home in Singapore, finishing up some work, he said in the interview.

But first, he and two other executives had to sign off on a cryptocurrency transfer from one account to another. These routine transfers are supposed to be safe: no single person at Bybit can execute them, creating multiple layers of protection against thieves.

Behind the scenes, however, a group of hackers had already broken into the Safe system, according to Bybit's audit of the hack. They had compromised a computer that belonged to a Safe developer, said a person with knowledge of the matter, enabling them to plant malicious code to manipulate transactions.

A link sent through Safe invited Mr. Zhou to approve the transfer. It was a ruse. When he signed off, the hackers seized control of the account and stole $1.5 billion in cryptocurrency.

The unexpected outflows appeared on the blockchain, a public ledger of cryptocurrency transactions. Crypto analysts quickly identified the culprit as the Lazarus Group, a hacking syndicate backed by the North Korean government.

That night, Mr. Zhou went to Bybit's office in Singapore to manage the crisis. He announced the hack on social media and activated a crisis protocol known within the company as P-1, pressing a button to wake every member of the leadership team.

Around 1 a.m., Mr. Zhou appeared on a livestream on X, shaking a Red Bull. He promised clients that Bybit was still solvent.

“Even if this loss of revenge has not been recovered, all customer assets are 1 to 1 supported,” he said in a post. “We can cover the loss.”

These guarantees were not enough. Within hours, Mr. Zhou said, about half of the digital coins deposited on the platform, or nearly $10 billion, were withdrawn. The cryptocurrency market plunged.

To limit the damage, other crypto companies offered to help. Gracy Chen, chief executive of a rival exchange, Bitget, lent 40,000 ether, or approximately $100 million, without seeking any interest or even collateral.

“We have never questioned their ability to turn us back,” Ms. Chen said.

Between crisis meetings, Mr. Zhou posted a comment on X. He shared photos from a health application, showing that his stress levels were surprisingly normal.

“Very focused by commanding all the meetings. Forgotten to stress,” he wrote. “I think it will come soon when I begin to really understand the concept of losing $ 1.5b.”

Following the Bybit robbery, the North Korean hackers spread the stolen funds across a wide network of online cryptocurrencies, a money laundering strategy they had employed after other heists.

"Lazarus Group is at a different level," wrote Haseeb Qureshi, a venture investor, on X after the theft.

Security experts blamed Bybit for putting itself at risk. To authorize the routine transfer that led to the hack, Mr. Zhou said, he used a hardware device made by a cryptocurrency security firm. The device was not in sync with Safe, he said. So he could not use the tool to check the full details of the transaction he was approving, always a dangerous practice in the crypto world.

"Safe simply doesn't give you the types of controls you want if you are going to make operational transfers," said Riad Wahby, a computer engineering professor at Carnegie Mellon University and a co-founder of the security firm Cubist.

Mr. Zhou said he wished he had acted faster to strengthen Bybit's protections. "Now there are many regrets," he said. "I should have paid more attention in this field."

Still, Bybit continued to function after the hack, processing all withdrawals within 12 hours, Mr. Zhou said. Not long after the breach, he announced on X that the company was moving about $3 billion in cryptocurrency.

"This is the planned maneuver, FYI," he wrote. "We're not hacked this time."
