How Crypto Exchange Bybit Lost $1.5 Billion to North Korean Hackers

On the night of 21 February, Ben Zhou, chief executive officer of the cryptocurrency exchange Bybit, logged on to his computer to approve what appeared to be a routine transaction. His company was moving a large quantity of ether, a popular digital currency, from one account to another.
Thirty minutes later, Mr. Zhou got a call from Bybit's chief financial officer. In a trembling voice, the executive told Mr. Zhou that their system had been hacked.
“All of the Ethereum is gone,” he said.
When Mr. Zhou approved the transaction, he unknowingly handed control of an account to hackers supported by the North Korean government, according to the FBI. They stole $1.5 billion in cryptocurrency, the largest heist in the history of the industry.
To pull off the stunning breach, the hackers exploited a simple flaw in Bybit's security: its dependence on a free software product. They manipulated a publicly available system that Bybit used to protect hundreds of millions of dollars in customer deposits. For years, Bybit had relied on storage software developed by a technology provider called Safe, even as other security firms sold more specialized tools for businesses.
The hack drove down the crypto markets at an important time and reduced confidence in the industry. Under the crypto-friendly Trump administration, industry officials are advocating new American laws and rules that would make it easier for people to put their savings into digital currencies. On Friday, the White House is scheduled to host a “Crypto Summit” with President Trump and top industry officials.
Crypto security experts said they were worried about what the heist revealed about Bybit's security protocols. The damage could have been “fully stopped,” a security firm wrote in an analysis of the breach, arguing that it should not have happened.
Safe's storage tools are widely used in the crypto industry. But the software is better suited to crypto hobbyists than to exchanges handling billions in deposits, said Charles Guillemet, an executive at Ledger, a French crypto security firm that offers a storage system designed for companies.
“It really needs to change,” he said. “This is not an acceptable position in 2025.”
At Bybit, the hack set off a frantic 48 hours. The company oversees $20 billion in customer deposits, but did not have enough ether on hand to cover a loss of $1.5 billion. Mr. Zhou, 38, raced to protect the business by drawing on corporate reserves and borrowing from other firms to fulfill withdrawal requests. On social media, he was surprisingly calm, announcing a few hours after the theft that his stress level was “Not so bad.”
As the crisis unfolded, the price of Bitcoin, a bellwether for the industry, fell 20 percent. It was the sharpest drop since the 2022 failure of FTX, the exchange run by the infamous mogul Sam Bankman-Fried.
In an interview this week, Mr. Zhou admitted that Bybit had advance warning about potential problems with Safe. Three or four months before the hack, he said, the company noticed that the software was not fully compatible with one of its other security services.
“We should upgrade and move away from Safe,” said Mr. Zhou. “We are definitely trying to do so now.”
Safe's chief executive officer, Rahul Rumalla, said in a statement that his team had created new security features to protect users and that Safe's products “were treasury backbones for some of the largest outfits in the space.”
“Our job is not just to decide what happened,” Mr. Rumalla said, “but to ensure that the whole place learns from it, so it does not happen again.”
Established in 2018, Bybit operates as a crypto marketplace, where day traders and professional investors can convert their dollars or euros into Bitcoin and ether. Many investors treat exchanges as informal banks, where they deposit crypto holdings for safekeeping.
By some estimates, Bybit is the world's second-largest crypto exchange, processing tens of billions of dollars in transactions every day. Based in Dubai, it does not provide services to customers in the United States.
On 21 February, Mr. Zhou was at home in Singapore, finishing some work, he said in the interview.
But first, he and two other executives needed to sign off on a transfer of cryptocurrency from one account to another. These routine transfers are considered safe: No single person at Bybit can execute them, creating multiple layers of protection from thieves.
Behind the scenes, however, a group of hackers had already broken into Safe's system, according to Bybit's audit of the hack. They compromised a computer belonging to a Safe developer, said a person with knowledge of the matter, which enabled them to plant malicious code to manipulate transactions.
A link sent via Safe invited Mr. Zhou to approve the transfer. It was a ruse. When he signed, the hackers seized control of the account and stole $1.5 billion in crypto.
The sudden outflow appeared on the blockchain, a public ledger of crypto transactions. Crypto analysts quickly identified the culprits as the Lazarus Group, a hacking syndicate supported by the North Korean government.
That night, Mr. Zhou went to Bybit's Singapore office to manage the crisis. He announced the hack on social media and initiated a crisis protocol known within the company as P-1, which involves pressing a button to wake every member of the leadership team.
Around 1 o'clock, Mr. Zhou appeared on a livestream on X, drinking a Red Bull. He promised customers that Bybit was still solvent.
“Even if this hack is not recovered, all clients' assets are backed 1 to 1,” he said in a post. “We can cover the loss.”
Those assurances were not enough. Within hours, Mr. Zhou said, about half of the digital currencies deposited on the platform, or close to $10 billion, were withdrawn. The crypto market collapsed.
To limit the damage, other crypto companies offered to help. Gracy Chen, the chief executive of a rival exchange, Bitget, lent Bybit 40,000 ether, or about $100 million, without requesting any interest or collateral.
“We never questioned their ability to pay us back,” Ms. Chen said.
Amid the crisis meetings, Mr. Zhou offered a running commentary on X. He shared a screenshot from a health app showing that his stress levels were surprisingly normal.
“Focused on all meetings. Forgot stress,” he wrote. “I think it will come soon when I really start understanding the concept of losing $1.5B.”
After robbing Bybit, the North Korean hackers spread the stolen funds across a vast web of online crypto wallets, a money-laundering strategy they had also employed after other heists.
“The Lazarus Group is at another level,” Haseeb Qureshi, a venture investor, wrote on X after the theft.
Security experts blamed Bybit for putting itself at risk. To authorize the routine transfer that led to the hack, Mr. Zhou said, he used a hardware device designed by the crypto security firm Ledger. The device was not in sync with Safe, he said, so he could not use it to check the full details of the transaction he was approving, always a risky practice in the crypto world.
“Safe just does not give you the types of controls that you want if you are going to make operational transfers often,” said Riad Wahby, a computer engineering professor at Carnegie Mellon University and co-founder of the digital security firm Cubist.
Mr. Zhou said he wished he had taken action to safeguard Bybit sooner. “Now there are a lot of regrets,” he said. “I should have paid more attention to this area.”
Nevertheless, Bybit continued to operate after the hack, processing all withdrawals within 12 hours, Mr. Zhou said. Not long after the breach, he announced on X that the company was moving around another $3 billion in crypto.
“This is a planned maneuver, fyi,” he wrote. “We are not hacked this time.”