On February 21, a significant hack targeted the Bybit cryptocurrency exchange, resulting in the theft of over $1.4 billion from an ETH cold wallet. The stolen assets included liquid-staked Ether (STETH), valued at $2,649.95, alongside Mantle Staked ETH (mETH) and various other ERC-20 tokens. This alarming breach was first identified by on-chain security analyst ZachXBT, who detected the incident shortly after it took place.
Following this exploit, ZachXBT advised users to blacklist any addresses linked to the hack. Ben Zhou, the co-founder and CEO of Bybit, confirmed the breach and provided insight into the security implications.
Zhou revealed that approximately one hour prior to the hack, a transfer was made from the exchange’s multisignature wallet to a warm wallet. He explained that the transaction was cleverly disguised to appear legitimate; however, it contained malicious code intended to modify the smart contract logic of the wallet, allowing funds to be siphoned away. In a reassuring statement, Zhou emphasized:
“Rest assured that all other cold wallets are secure. All withdrawals are functioning as usual. I will keep everyone updated as new information arises. We would be grateful for any assistance in tracking down the stolen funds.”
This incident is part of a troubling trend of significant hacks and breaches that have impacted crypto exchanges throughout 2024 and into early 2025.
Zhou later stated, “Bybit remains solvent even if the losses from this hack can’t be recovered; all client assets are backed 1:1, so we can absorb the loss.” In an additional communication on X, the exchange reassured customers, stating that their cold wallets “are fully secure” and confirmed that “all client funds are safe, with operations continuing normally without any interruption.”
Following the revelation of the hack, the value of Ether (ETH) fell by more than 3%, as this breach ranks among the most significant incidents in recent cryptocurrency history, stirring concerns throughout the market.
Rising Security Breaches and Scams in February 2025
The cryptocurrency landscape has seen a surge in hacking incidents and scam-related activities in the initial weeks of February 2025.
On February 14, ZkLend, a money-market protocol based on Starknet, was exploited, resulting in the loss of $9.5 million. According to the cybersecurity firm Cyvers, the attacker bridged these stolen assets to Ethereum and utilized the Railgun protocol in an attempt to launder the funds; however, Railgun managed to revert the stolen assets back.
On February 5, both Jupiter, a decentralized exchange on Solana, and former Malaysian Prime Minister Mahathir Mohamad experienced social media hacks. In these cases, the perpetrators leveraged the compromised accounts to promote fraudulent memecoins.
Shaw Walters, the founder of Eliza Labs, also reported being a victim of a recent social media hack, where the hacker gained control of Walters’ X account and began disseminating scam links. Walters mentioned that the hack transpired despite having two-factor authentication enabled on his account.
This wave of security breaches emphasizes the urgent need for enhanced protective measures within the cryptocurrency industry. Users are encouraged to remain vigilant and prioritize security protocols, as these incidents continue to pose significant risks to their assets.
