On February 21, 2025, Bybit experienced a massive security breach. Hackers stole approximately $1.46 billion in Ethereum (ETH) from a cold wallet, which makes it the largest single theft in cryptocurrency history.
Bybit reported that the attack occurred during a routine transfer from an offline “cold” wallet to an online “warm” wallet. The hackers used a complex method to manipulate the wallet’s smart contract that allowed them to take the funds.
Bybit’s CEO, Ben Zhou, also stated that the exchange had enough money to keep running and that user funds are also safe, but the event raised serious concerns about the safety of centralized exchanges.
During the hack, blockchain investigator ZachXBT stated that there is an unusual transfers of $1.46 billion worth of ETH, including tokens like mETH and stETH.
The stolen funds were then split into many smaller amounts: 10,000 ETH went to 39 wallets, and another 10,000 ETH went to nine more wallets. By February 26, 2025, the U.S. Federal Bureau of Investigation (FBI) linked the hack to North Korea’s Lazarus Group. This is a well-known hacking team.
This theft was much larger than past incidents, such as the $600 million Ronin Network hack in 2022, and showed how serious the threat to exchanges has become.
How the Hackers Breached Bybit: Technical Explanation
The attackers employed a complex technique referred to as a “smart contract replay attack” to make off with the money. Technically, this attack takes advantage of vulnerabilities in the way smart contracts process transactions on the Ethereum network.
Bybit’s cold wallet uses a multi-signature smart contract. This needed several approvals in order to transfer funds. The hackers discovered a vulnerability in the contract’s code that enabled them to reuse or “replay” a valid transaction so as to deceive the system.
Here’s the hacking process: First, the attackers tracked Bybit’s wallet movement and found a legitimate transaction transferring ETH from the cold wallet to the hot wallet. The transaction was signed using the proper private keys and adhered strictly to the contract’s rules.
The attackers then proceed to create a false transaction that mimics the original’s details. This consisted of the same unique code (a “nonce”), but the destination address was altered to one belonging to the hackers. Typically, the blockchain would reject identical transactions, but in this case, the hackers employed a process called “transaction malleability”. This allows them to slightly modify the digital signature of the transaction without modifying its fundamental information, and that makes it appear new to the system.
The modified transaction was then posted to the Ethereum network simultaneously with an event of network congestion. This congestion was most probably created by the hackers themselves with a transmission flood of small transactions. The smart contract treated it as legitimate and subsequently sent $1.46 billion worth of ETH to the attackers’ wallet. Before Bybit’s security team could detect it, the funds had already been transferred.
BTCC Exchange: A Safe and Reliable Crypto Trading Alternative
BTCC is a cryptocurrency exchange founded in 2011, and it has operated without a single security breach for 14 years. It provides trading for Bitcoin, Ethereum, and other cryptocurrencies to users worldwide. The platform stands out as a trusted crypto-trading alternative after Bybit’s $1.46 billion loss.
The exchange provides spot trading and futures trading. Futures trading allows bets on future prices with up to 500x leverage. BTCC supports over 300 trading pairs, such as BTC/USDT and ETH/USDT, which gives users many options.
BTCC keeps user funds safe with strong security. The exchange stores most user funds in offline cold storage. It uses multi-signature wallets requiring three approvals for withdrawals. BTCC conducts audits every six months with firms like Hacken, proving 100% collateral for user assets.
Read our detailed BTCC exchange review here.
No Security Breaches in 14 Years
BTCC’s strong point is its flawless security track record since 2011. In more than 14 years, it has never experienced the hacking that happened at other exchanges, like Mt. Gox in 2014, which had a loss of $500 million, or Bitfinex in 2016, which had a loss of $72 million.
In 2024, crypto exchanges collectively lost $2.2 billion to hacks, a 21.1% increase from the $1.8 billion they lost in 2023. Yet BTCC has never once been hacked, which shows the resilience of BTCC to secure money from users.
BTCC has a number of safety precautions. The majority of user funds are stored in cold storage, offline and secure from hackers. It also employs multi-signature wallets, which require multiple signatures to transfer money. There are regular security audits, advanced encryption, and round-the-clock monitoring to add to the layers of protection. With hackers such as the Lazarus Group pilfering billions, BTCC’s measures prove effective.
Welcome Bonus of 10,055 USDT
BTCC also offers new users a sign-up bonus of 10,055 USDT. This is much larger than typical bonuses, which are usually between $10 and $50. Users can claim it after signing up and verifying their accounts, then use it for trading or withdraw it after meeting basic requirements.
Final Thoughts
In a nutshell, BTCC is a safe and trusty cryptocurrency exchange. BTCC has run for 14 years without a single hacking incident, compared to Bybit, which suffered a loss of $1.46 billion in February 2025. BTCC stores the majority of funds with cold storage and multi-signature wallets to safeguard customers.
BTCC provides over 300 trading pairs and futures with up to 500x leverage to cater to varied trading demands. BTCC gives new users a 10,055 USDT bonus, much higher than the typical $10 to $50 incentives.
