
The exchange's pocket: what the largest-ever $1 billion crypto heist will lead to

If hacks of cryptocurrency exchanges become a regular occurrence, funds may flow from them to decentralized platforms and so-called cold wallets, according to experts interviewed by Izvestia. In their opinion, the best way out would be for Russians to have their own domestic platform. The cybersecurity of wallets became an acute issue after the largest-ever hack of a cryptocurrency exchange: on February 21, more than $1 billion worth of Ethereum was stolen from ByBit accounts. However, the exchange has already given assurances that only its own funds were affected, and that the coins of all users are safe and available for withdrawal. Which group is behind the hack, and whether ByBit's statements can be believed, is covered in this Izvestia article.
The ByBit exchange hack: how it happened
The hack of one of the ByBit crypto exchange's wallets was first reported by the crypto detective ZachXBT on the evening of Friday, February 21. The head of the platform, Ben Zhou, then confirmed the information on his X account.
"About an hour ago, crypto exchange ByBit had one of its Ethereum cold wallets hacked. The hackers tricked the system by showing signers a fake interface," the crypto exchange's head wrote.
According to him, the operation looked normal: the correct address and a familiar site were shown. In reality, however, what was signed was not a normal transaction but a change to the wallet's rules, which allowed the hackers to take control of it and withdraw all the money to an unknown address. That is, when signing, all participants saw the correct address but actually confirmed a change to the smart contract, and as a result the funds went to the hackers' wallets.
Initially, the damage was estimated at almost $1.5 billion, Bloomberg reported. However, after reports of the hack, Ethereum began to fall in value. On Friday, the rate collapsed by 5%, from $2.8 thousand per coin to $2.6 thousand, according to TradingView. As a result, the theft is estimated at more than $1 billion.
According to experts, the attack was the largest in the history of the crypto industry. Before that, the hack of Ronin Network on March 23, 2022, when $600 million was stolen, was considered the largest.
This time, the funds were stolen from the cryptocurrency wallet of ByBit itself. As Ben Zhou assured in his message, the other wallets are safe and all cryptocurrency withdrawals are operating normally. According to ByBit, customer assets are fully secured "one-to-one", and even if the stolen funds cannot be recovered, the losses will be covered by the platform itself.
ByBit is the second largest crypto exchange by trading volume after Binance and one of the largest crypto asset trading platforms in the world. In January 2025, it accounted for more than 6% of the global cryptocurrency trading volume.
At the same time, the platform was one of the most popular in Russia and the CIS countries: Kyrgyzstan, Armenia, Tajikistan, Belarus and Georgia, as listed by Alexei Tarapovsky, founder of Anderida Financial Group.
Who is behind the ByBit hack
Over the weekend, ByBit called on "the brightest minds" to help catch the hackers who broke into the service and stole funds from it, the company said on its website. The platform specified that anyone who contributes to the capture of the criminals will be paid 10% of the amount recovered with their help; the reward could be up to $140 million.
ZachXBT, who was the first to draw attention to the hack, believes that the Lazarus Group, a North Korean-linked hacker group, is behind the attack. The crypto detective reached this conclusion because the hacking method is similar to the one used against another exchange, Phemex, in January ($29 million worth of cryptocurrency was stolen then). In both cases, the same wallet addresses were also behind the withdrawals.
ByBit exchange is registered in the British Virgin Islands. Its main servers are located in Singapore, and its management office is in Dubai.
The North Korean group Lazarus has been operating since 2007 and is traditionally considered pro-state, experts from the cyberintelligence department of the F6 company told Izvestia. Initially, its attacks were directed against South Korea, but over time the geography and target industries have expanded significantly. At various times, this criminal group has been observed carrying out attacks for espionage and embezzlement.
"One of the first high-profile Lazarus operations in the financial sector was an attack on the Bangladesh Central Bank in 2016. Then the attackers tried to withdraw $1 billion; part of the operations were blocked in time, but the bank failed to return $80 million," the experts recalled.
In 2017, cryptocurrency began to gain popularity, and the Lazarus group shifted its attacks from banks to cryptocurrency services. The first targets were three cryptocurrency exchanges in South Korea; in total, the attackers managed to steal 3,816 bitcoins worth about $5 million at the exchange rate at the time.
When the Ethereum exchange rate will recover
After extraordinary incidents on cryptocurrency exchanges, it takes two to three months for the market capitalization to recover, BitRiver Communications Director Andrei Loboda estimated. However, Ethereum already recovered some of its losses over the weekend, again approaching the $2.8 thousand mark.
The expert noted that bitcoin is stable, but the investment sentiment of market participants is still restrained. However, this is due not only to the hack, but also to other factors - in particular, the actions of Donald Trump and the lack of news about the creation of a reserve fund in cryptocurrency in the United States.
Is cryptocurrency really that safe?
First and foremost, of course, the incident means reputational damage and a loss of investor confidence, said Alexei Tarapovsky of Anderida Financial Group. Moreover, this is likely to be a case where the problems of one participant cast a shadow over the entire market. Cryptocurrency has never been a low-risk instrument, but such attacks are not the kind of risk that investors were expecting.
The ByBit hack confirms that cryptocurrency exchanges remain vulnerable despite blockchain technology, said Oleg Kalmanovich, chief analyst at Neomarkets. While the blockchain itself is still considered secure, centralized platforms that store users' assets are being targeted for attacks.
"The incident with ByBit may undermine confidence in centralized exchanges and strengthen the trend towards decentralized platforms (DEX), where users control their funds directly," the expert believes.
However, according to him, cybersecurity technologies continue to develop, and hacks only push the industry towards new solutions. In the future, we can expect stronger protection measures, new security standards and greater transparency of cryptocurrency platforms' operations.
"In addition, after this incident, we can expect that storing funds on 'cold wallets' will become more popular. 'Cold wallets' provide a high level of security, as assets are stored offline and are inaccessible to online attacks. Users seeking to protect their funds may prefer this method of storage, which will lead to an increase in demand for such solutions," emphasized Oleg Kalmanovich.
Although one-time hacking incidents may not cause a strong outflow of funds, regular incidents risk significantly affecting trust in centralized exchanges and hot wallets, he summarized.
The key tool for minimizing risks for Russian participants in the international cryptocurrency market is storing funds on a domestic digital platform, said Andrei Loboda of BitRiver.
"Russia has in fact become a global technological IT power, ranking second in the world in terms of cryptocurrency mining. Its cybersecurity technologies and practices are in many ways superior to other leading global market players," the expert believes.
According to him, it will take a few more years for fast-growing cryptocurrency exchanges to perfect corporate governance, compliance and IT security. These are traditionally weak points, and risks in this area must be effectively mitigated in the shortest possible time.