‘Worst hack in history’ as $1.5bn in cryptocurrency stolen
Hackers have stolen $1.5bn (£1.19bn) worth of digital money in what could be the biggest-ever cryptocurrency theft.
The Dubai-based Bybit exchange said an attacker gained control of an Ethereum wallet and transferred its holdings to an unidentified address.
The firm, which has more than 60 million users worldwide, said no other wallets were affected and withdrawals were proceeding normally.
“Bybit is solvent even if this hack loss is not recovered, all of clients assets are 1 to 1 backed, we can cover the loss,” the company’s chief executive officer Ben Zhou said in a post on X.
Heist highlights concerns over crypto industry security
Thomas Moore
@SkyNewsThomas
Anyone who owns crypto may well be feeling a little nauseous after the biggest ever theft of funds by hackers.
Bybit is the second largest cryptocurrency exchange. It would have had careful security protocols.
And yet somehow their systems were penetrated and an as-yet unidentified individual or group made off with around £1.1 billion in assets.
The breach happened while the company was making a routine transfer of Ethereum, the second largest cryptocurrency after Bitcoin, from its offline “cold” wallet to top up its “warm” wallet that covers daily trading.
The transfer needed multiple checks and signatures before it went ahead. Yet the attackers seem to have masked the true destination of the funds, and they vanished.
Forensic investigators are trying to trace the assets, and perhaps even recover them.
They’ll also be looking at how hackers were able to penetrate the company’s security.
Firewalls are increasingly sophisticated, holding hackers at bay. So instead criminals often turn their attack on humans. We are the weak point, vulnerable to social engineering and phishing.
The latest heist underscores concerns about the security of the cryptocurrency industry.
According to blockchain analysists Chainalysis there were 303 hacking incidents in 2024, with assets worth $2.2 billion stolen.
Bybit says clients’ money is covered, either by its other assets or loans.
But many people will be uneasy, particularly as crypto platforms are largely unregulated, unlike banks. And there are no guarantees of people getting their money back.
He said the company received more than 350,000 withdrawal requests following what he described as “the worst hack in history”, adding: “ALL withdraws have been processed.”
The theft could be the largest of its kind, with the previous record reportedly an estimated $620m (£490) of cryptocurrency stolen from the Ronin Network in 2022.
Bybit said its security team, along with forensic experts, was investigating the incident, adding: “We have reported the case to the appropriate authorities.”
The firm said: “All client funds are safe, and our operations continue as usual without any disruption.”