The $1.5B Bybit Hack: The Era of Operational Security Failures Has Arrived
Two weeks ago at the DeFi Security Summit, Trail of Bits’ Josselin Feist (@Montyly) was asked if we’d see a billion-dollar exploit in 2025. His response: “If it happens, it won’t be a smart contract, it’ll be an operational security issue.”
Today, that prediction was validated.
The Attack
On February 21, 2025, cryptocurrency exchange Bybit suffered the largest cryptocurrency theft in history when attackers stole approximately $1.5B from their multisig cold storage wallet. At this time, it appears the attackers compromised multiple signers’ devices, manipulated what signers saw in their wallet interface, and collected the required signatures while the signers believed they were conducting routine transactions.
This hack is one of many that represent a dramatic shift in how centralized exchanges are compromised. For years, the industry has focused on hardening code and improving their technical security practices, but as the ecosystem’s secure …