Bybit Crypto Exchange Review: Security, Recovery, and What It Means for Traders in 2025


On February 21, 2025, Bybit became the center of the biggest crypto heist in history. Nearly $1.5 billion in Ether was stolen in a single attack. The hackers? North Korea’s Lazarus Group - a well-known, state-backed cybercriminal team that’s targeted exchanges before. But here’s the twist: Bybit didn’t collapse. It didn’t vanish. It paid everyone back - from its own pocket.

That’s not normal. Most exchanges would’ve frozen withdrawals, blamed the users, or quietly shut down. Bybit didn’t. And that’s why this review isn’t just about features or fees. It’s about trust. After a $1.5 billion breach, can you still trust Bybit? Let’s break it down.

What Happened During the Bybit Hack?

The attack wasn’t a brute-force hack. It didn’t crack a server or exploit a software bug. It tricked humans.

According to Chainalysis and security firms like Quant Network, Lazarus used social engineering to compromise Bybit’s supply chain. They injected malware into internal tools used by developers and ops teams. Then, they waited. When the right moment came, they manipulated the system to approve fraudulent withdrawals - all while making them look like legitimate transactions.

The hackers didn’t need to bypass cold wallets. They didn’t need to break multi-signature keys. They just needed someone at Bybit to click "Approve" on a fake request. And they got it.

The breach exposed three critical flaws:

  • Insufficient software supply chain verification
  • No independent, human-led confirmation for large withdrawals
  • Over-reliance on automated signing systems without cross-checks

Security experts were stunned. Cold wallets were supposed to be the gold standard. But if your team can be fooled, even the most secure storage doesn’t matter.

How Bybit Responded - And Why It Matters

Most exchanges would’ve panicked. Bybit acted fast.

Within hours, they halted withdrawals, locked down internal systems, and started tracing the stolen ETH. They didn’t wait for regulators. They didn’t blame users. They announced they’d cover all losses - $1.5 billion - using company reserves.

That’s rare. And expensive. It means Bybit had deep pockets. Or they were betting hard on their brand survival. Either way, it worked. Users got their money back. Withdrawals resumed within days. No mass exodus. No panic sell-off.

They also launched a bounty program: 10% of any recovered funds for ethical hackers and exchanges. Only $43 million was recovered. Still, it showed they were serious about cleaning up.

But here’s the real test: Did users stay? Yes. Trading volume bounced back within weeks. New users signed up. Why? Because Bybit proved they’d protect your money - even when their own systems failed.

Security Measures: Cold Wallets, Multi-Sig, and TSS

Before the hack, Bybit’s security looked bulletproof.

They stored over 95% of user funds in cold wallets - offline, air-gapped, physically secured. The rest was in hot wallets for trading, but even those used multi-signature (multi-sig) setups. That means no single person could move funds. At least three people had to sign off.

They also used Threshold Signature Schemes (TSS), a modern alternative to multi-sig that’s harder to manipulate. TSS splits private keys into fragments, so even if one part is stolen, the full key can’t be rebuilt.
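To make the threshold idea concrete, here is an added example (not Bybit's code, and not a description of how their TSS is built) of Shamir's secret sharing over a prime field, the construction that threshold schemes build on. A 256-bit secret is split into 5 shares with a threshold of 3: any 3 shares recover it, and 2 shares yield a value unrelated to it. The field modulus and the 3-of-5 parameters are constructed for the demo. The caveat the article's own account implies: a production TSS goes further and signs without ever reassembling the key on one machine, but neither technique helps when the legitimate holders of a quorum are tricked into approving a fraudulent request.

```python
import secrets

# Field modulus: a 256-bit prime (the secp256k1 group order), a constructed
# choice for this demo so that secrets look like 256-bit private keys.
PRIME = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def split_secret(secret, threshold, shares):
    """Split `secret` into `shares` points on a random polynomial whose
    constant term is the secret; any `threshold` points determine it."""
    if not 1 <= threshold <= shares:
        raise ValueError("need 1 <= threshold <= shares")
    if not 0 <= secret < PRIME:
        raise ValueError("secret must lie in the field")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    points = []
    for x in range(1, shares + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation of the polynomial at x
            y = (y * x + c) % PRIME
        points.append((x, y))
    return points


def recover_secret(points):
    """Lagrange-interpolate the polynomial through `points` and evaluate it
    at 0.  With fewer than `threshold` points the result is unrelated to
    the secret, because every constant term is equally consistent with them."""
    xs = [x for x, _ in points]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share indices")
    total = 0
    for xi, yi in points:
        num, den = 1, 1
        for xj in xs:
            if xj != xi:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


def threshold_demo(threshold=3, shares=5):
    """3-of-5 split of a random key; returns which recovery attempts succeed."""
    key = secrets.randbelow(PRIME)
    parts = split_secret(key, threshold, shares)
    return {
        "full_quorum": recover_secret(parts[:threshold]) == key,
        "any_quorum": recover_secret([parts[0], parts[2], parts[4]]) == key,
        "below_quorum": recover_secret(parts[:threshold - 1]) == key,
    }


if __name__ == "__main__":
    print(threshold_demo())
```

The shares can live on different machines or with different people; what the scheme guarantees is that a thief holding fewer than the threshold learns nothing about the key. It says nothing about whether the people holding a quorum are signing the right thing.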

On top of that: two-factor authentication (2FA), hardware security keys, encrypted data transmission, and behavioral monitoring. The system flags weird login times, sudden large withdrawals, or changes to email addresses - then locks the account until manual verification.
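An added example, not Bybit's monitoring code, of how behavioral rules like the ones just described can be expressed over an account's event stream: a login at an hour far from the user's usual hours, a withdrawal an order of magnitude above the user's typical amount, or an email change (and any withdrawal shortly after one) raises a flag and locks the account until a person clears it. The thresholds, the user and the event timeline are constructed for the demo.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from statistics import median


@dataclass
class Event:
    user: str
    kind: str            # "login", "withdraw" or "email_change"
    ts: datetime
    amount: float = 0.0  # only meaningful for withdrawals


def hour_gap(a: int, b: int) -> int:
    """Distance between two hours of day on the 24-hour clock (23 and 1 are 2 apart)."""
    d = abs(a - b) % 24
    return min(d, 24 - d)


class AccountMonitor:
    """Rule-based monitor: any flagged event locks the account until a human
    clears it.  All thresholds are constructed values for this demo."""

    def __init__(self, min_hour_gap=5, large_multiple=10.0,
                 email_cooldown=timedelta(hours=24), min_history=5):
        self.min_hour_gap = min_hour_gap        # hours away from every known login hour
        self.large_multiple = large_multiple    # withdrawal vs. median of past withdrawals
        self.email_cooldown = email_cooldown    # withdrawals this soon after an email change are held
        self.min_history = min_history          # logins to observe before judging login hours
        self.login_hours = defaultdict(list)
        self.withdrawals = defaultdict(list)
        self.email_changed_at = {}
        self.locked = set()

    def clear(self, user):
        """Manual verification succeeded: unlock the account."""
        self.locked.discard(user)

    def process(self, ev):
        if ev.user in self.locked:
            return ["account_locked"]
        flags = []
        if ev.kind == "login":
            hours = self.login_hours[ev.user]
            if len(hours) >= self.min_history and all(
                    hour_gap(ev.ts.hour, h) >= self.min_hour_gap for h in hours):
                flags.append("unusual_login_hour")
            else:
                hours.append(ev.ts.hour)          # learn only from unflagged logins
        elif ev.kind == "withdraw":
            hist = self.withdrawals[ev.user]
            if hist and ev.amount > self.large_multiple * median(hist):
                flags.append("withdrawal_far_above_typical")
            changed = self.email_changed_at.get(ev.user)
            if changed is not None and ev.ts - changed < self.email_cooldown:
                flags.append("withdrawal_soon_after_email_change")
            if not flags:
                hist.append(ev.amount)            # learn only from unflagged withdrawals
        elif ev.kind == "email_change":
            self.email_changed_at[ev.user] = ev.ts
            flags.append("email_change_pending_verification")
        else:
            raise ValueError(f"unknown event kind {ev.kind!r}")
        if flags:
            self.locked.add(ev.user)
        return flags


def monitor_demo():
    """Constructed timeline for one user; returns the flags raised per event."""
    m = AccountMonitor()
    t0 = datetime(2025, 3, 1, 9, 0, tzinfo=timezone.utc)
    events = []
    for d in range(5):                            # five routine days: 09:00 login, 0.5 ETH out
        events.append(Event("alice", "login", t0 + timedelta(days=d)))
        events.append(Event("alice", "withdraw", t0 + timedelta(days=d, hours=1), amount=0.5))
    t1 = datetime(2025, 3, 7, 3, 15, tzinfo=timezone.utc)
    events.append(Event("alice", "login", t1))                                        # 03:15 login
    events.append(Event("alice", "withdraw", t1 + timedelta(minutes=5), amount=0.5))  # held: locked
    results = [m.process(e) for e in events]
    m.clear("alice")                              # support verified the login with the user
    results.append(m.process(Event("alice", "withdraw", t1 + timedelta(hours=6), amount=50.0)))
    m.clear("alice")
    t2 = t1 + timedelta(days=1)
    results.append(m.process(Event("alice", "email_change", t2)))
    m.clear("alice")
    results.append(m.process(Event("alice", "withdraw", t2 + timedelta(hours=2), amount=0.5)))
    return results


if __name__ == "__main__":
    for i, flags in enumerate(monitor_demo()):
        print(i, flags or "ok")
```

The design point is that the monitor learns only from events it let through, so an attacker cannot normalise large withdrawals by first making a flagged one, and the email-change cooldown still applies after a person has cleared the lock.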

So why did the hack still happen?

Because security isn’t just tech. It’s process. And process failed.

The attackers didn’t break the system. They broke the people behind it.

[Image: Bybit CEO pays back $1.5 billion in Ether to relieved users while hackers flee in a broken lock portal.]

What Changed After the Hack?

Bybit didn’t just patch the hole. They rebuilt the wall.

By October 2025, they rolled out:

  • Multi-party code review for all wallet UI updates - no more one-person approvals.
  • Subresource Integrity (SRI) on all front-end scripts - if a file is tampered with, the page won’t load.
  • Cloud Security Posture Management (CSPM) tools to detect unauthorized AWS key usage - the same way hackers got in.
  • Independent transaction verification - every withdrawal over $1 million now requires a live video call with two senior staff members.
  • Smart contract permission hardening - fewer permissions, tighter controls, automatic revocation after use.

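Added example (not Bybit's code) of the check Subresource Integrity performs, written in Python so the logic is visible: the integrity attribute carries one or more `algorithm-base64digest` values, the browser hashes the fetched script body, and it refuses to execute that script unless a digest of the strongest listed algorithm matches. The script bytes and their tampered variant are constructed for the demo. Two details a defender should keep in mind: SRI protects only resources whose hash is pinned in HTML the attacker cannot change, and a mismatch blocks that one script rather than the whole page.

```python
import base64
import hashlib

# Hash functions SRI permits, ordered by strength; a browser judges only by
# the strongest algorithm present in the attribute and ignores unknown ones.
SRI_STRENGTH = {"sha256": 1, "sha384": 2, "sha512": 3}

# Constructed sample: the front-end file as deployed, and a tampered copy.
ORIGINAL_SCRIPT = b"window.signTx = function (tx) { return wallet.sign(tx); };\n"
TAMPERED_SCRIPT = b"window.signTx = function (tx) { tx.to = ATTACKER; return wallet.sign(tx); };\n"


def sri_digest(content: bytes, algo: str = "sha384") -> str:
    """Value to put in <script integrity="..."> for `content`."""
    if algo not in SRI_STRENGTH:
        raise ValueError("SRI permits only sha256, sha384 and sha512")
    digest = hashlib.new(algo, content).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


def parse_integrity(integrity: str):
    """Split an integrity attribute into (algorithm, base64) pairs, dropping
    unknown algorithms and any '?option' suffix."""
    entries = []
    for token in integrity.split():
        algo, _, rest = token.partition("-")
        algo = algo.lower()
        if algo in SRI_STRENGTH:
            entries.append((algo, rest.split("?", 1)[0]))
    return entries


def sri_matches(content: bytes, integrity: str) -> bool:
    """Mimic the browser's decision for a fetched script body."""
    entries = parse_integrity(integrity)
    if not entries:
        return True  # no usable metadata: the browser loads the resource unchecked
    strongest = max(SRI_STRENGTH[a] for a, _ in entries)
    for algo, expected in entries:
        if SRI_STRENGTH[algo] == strongest and sri_digest(content, algo) == f"{algo}-{expected}":
            return True
    return False


def sri_demo():
    """Pin the deployed script, then try to load the original and a tampered copy."""
    pinned = sri_digest(ORIGINAL_SCRIPT)
    return {
        "pinned": pinned,
        "original_runs": sri_matches(ORIGINAL_SCRIPT, pinned),
        "tampered_runs": sri_matches(TAMPERED_SCRIPT, pinned),
        # Listing an extra, weaker digest next to the real sha384 does not loosen
        # the check: only the strongest algorithm present is consulted.
        "weaker_extra_hash_runs": sri_matches(
            TAMPERED_SCRIPT, sri_digest(TAMPERED_SCRIPT, "sha256") + " " + pinned),
    }


if __name__ == "__main__":
    for name, value in sri_demo().items():
        print(name, value)
```

The pinned value must match the exact bytes served, so any minification or CDN transform after hashing breaks the load; and because the hash lives in the HTML, the integrity of that HTML's own delivery is what you are ultimately trusting.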
They also started publishing monthly security audits - something most exchanges never do. Transparency became part of their brand.

Is Bybit Still Safe to Use?

Let’s be clear: no exchange is 100% safe. Not Binance. Not Coinbase. Not Kraken. But Bybit is now one of the most transparent about its risks - and its fixes.

Here’s the bottom line:

  • If you care about speed and low fees - Bybit still leads. Spot trading fees are 0.1%, derivatives as low as 0.02%.
  • If you care about features - they offer leverage up to 100x, copy trading, staking, and a solid mobile app.
  • If you care about security - they’ve gone further than almost any other exchange since the hack.

But here’s the trade-off: You’re still trusting a company with your money. Even with all their upgrades, you’re relying on their people, their processes, their culture. If they slip again, you’re back at square one.

That’s why experts now recommend a hybrid approach: keep your biggest holdings in self-custody (like a Ledger or Trezor), and only keep what you’re actively trading on Bybit.

[Image: Trader uses Bybit for trading but keeps crypto in a hardware wallet, protected by security symbols.]

Self-Custody vs. Exchange Custody - What’s Better?

After the hack, a lot of people started asking: "Should I just keep my crypto in my own wallet?"

The answer? It depends.

Self-custody means you control the keys. No one can freeze your funds. No one can steal them unless they break into your house or trick you into giving up your seed phrase. But if you lose your password? Gone forever. If you send ETH to the wrong address? Gone forever.

Exchange custody means someone else protects your money - but only if they’re good at it. Bybit proved they can be good. But they also proved they can fail.

Most experienced traders now split their assets:

  • 5-10% on Bybit for active trading
  • 90-95% in hardware wallets, with multi-sig setups for large holdings

It’s not about trusting or not trusting Bybit. It’s about not putting all your eggs in one basket - even if that basket is labeled "the most secure."

Final Verdict: Should You Use Bybit in 2025?

Yes - but with eyes wide open.

Bybit is still one of the top exchanges for trading volume, derivatives, and user experience. Their interface is clean, their liquidity is deep, and their customer support is responsive.

After the biggest hack in crypto history, they didn’t run. They didn’t hide. They paid up. They improved. They published their fixes.

That’s not something you can say about most platforms.

But if you’re new to crypto? Start small. Don’t dump your life savings into Bybit. Use it for trading, not storage. Learn how to use a hardware wallet. Understand seed phrases. Treat every exchange like a temporary vault - not a bank.

Bybit didn’t survive the hack because they were perfect. They survived because they took responsibility. And in crypto, that’s worth more than any security feature.

Was Bybit hacked in 2025?

Yes. On February 21, 2025, the Lazarus Group stole nearly $1.5 billion in Ether from Bybit using social engineering and supply chain attacks. The exchange compensated all users from its own funds and resumed operations within days.

Is Bybit safe to use after the hack?

Bybit has significantly upgraded its security since the breach. They now require multi-party approvals for large withdrawals, use Subresource Integrity to prevent front-end tampering, and monitor cloud infrastructure for unauthorized access. While no exchange is 100% safe, Bybit is now one of the most transparent and proactive in improving its defenses.

Did Bybit lose money from the hack?

No - users didn’t lose money. Bybit covered the full $1.5 billion loss using its company reserves. This was a rare move in the crypto industry and helped maintain user trust. However, the company’s financial reserves were significantly reduced, and its long-term profitability is now under closer scrutiny.

Can I get my money back if Bybit gets hacked again?

There’s no guarantee. Bybit compensated losses from the 2025 hack using its own funds, but that was a business decision - not a policy. Future losses may not be covered unless the company has the reserves and chooses to act. Always assume exchanges can fail. Keep only what you’re actively trading on them.

What’s the best way to store crypto after the Bybit hack?

Use a hybrid approach: keep 5-10% of your holdings on Bybit for trading, and store the rest in a hardware wallet like Ledger or Trezor. For larger amounts, consider multi-signature wallets that require multiple approvals to move funds. Never store large sums on any exchange - even one that’s "secure."

Why didn’t Ethereum roll back the blockchain to undo the hack?

Rolling back the Ethereum blockchain would’ve required consensus from nearly every node, miner, and developer - and would’ve set a dangerous precedent. It would mean centralized control over a decentralized system. Developers and the community rejected the idea as technically intractable and philosophically dangerous to crypto’s core principles.

How does Bybit compare to Binance or Coinbase in security?

Before the hack, Bybit’s security was similar to Binance and Coinbase - cold storage, multi-sig, 2FA. After the hack, Bybit went further: they added live video verification for large withdrawals, mandatory code reviews, and real-time cloud monitoring. Binance and Coinbase haven’t publicly disclosed similar upgrades. Bybit’s transparency post-breach gives it an edge in trust, even if their core tech isn’t radically different.

19 Comments
  1. Kevin Karpiak

    This is why America needs to ban foreign crypto exchanges. If a North Korean state actor can hit a US-based platform, we're already losing.

  2. Amit Kumar

    Bro, let me tell you something - this is why India is building its own blockchain infrastructure. No more trusting Western exchanges with our life savings. Bybit paid back? Cool. But what about the next time they don't have the cash? You think your 10k ETH is safe? Think again.

  3. Helen Pieracacos

    So they paid back... big deal. That’s like a bank robber returning the money after they got caught. Still a robber.

  4. Sophia Wade

    The real tragedy isn't the hack. It's that we've normalized the idea that a corporation should be the custodian of our digital sovereignty. We've outsourced our autonomy to a profit-driven entity, then acted surprised when it failed. This isn't about security protocols - it's about the philosophical collapse of decentralization into centralized trust.

  5. Brian Martitsch

    Lmao. Bybit’s 'security upgrades' are just PR theater. You think a video call stops a compromised admin? Please. Real security is code, not HR policies. You’re still trusting humans. And humans are the weakest link.

  6. Rebecca F

    They paid back so you'd keep trading with them. That's not integrity. That's capitalism. You're not a customer. You're a revenue stream.

  7. Lloyd Yang

    Look, I’ve been trading since 2017 and I’ve seen exchanges rise and fall. Binance got hacked, Bitfinex got hacked, FTX collapsed - and yet people still use them. Why? Because they’re convenient. Bybit’s response was unprecedented. They didn’t just patch a leak - they rebuilt the damn dam. They didn’t hide behind lawyers. They didn’t blame users. They took the hit. And yeah, maybe they’re still vulnerable. But they’re the only one who had the guts to say, 'We messed up, and we’re fixing it - with our money.' That’s worth something. I’ve got 7% of my portfolio there. Not because I think it’s perfect. But because I believe in people who own their mistakes.

  8. Zavier McGuire

    just keep your crypto in a ledger bro

  9. Sybille Wernheim

    I love how Bybit didn’t disappear. That’s the kind of company you root for. Even after getting punched in the face, they got up, dusted off, and said 'Let’s do better.' That’s leadership. Not every exchange has that spine. I’m still using them - but I keep my main stash offline. You can trust and verify.

  10. Cathy Bounchareune

    I’m from the Philippines and I’ve seen so many scams here. When I first heard Bybit paid back $1.5B, I cried. Not because I’m emotional - but because I’ve never seen a company in crypto do that. It’s like finding a unicorn in a desert. They’re not perfect, but they’re trying. And in this space? Trying is everything.

  11. Ellen Sales

    so they paid back... but did they fire the people who clicked the link? just wondering

  12. Sheila Ayu

    Wait - so they're using 'live video verification'? That's so 2018! Are they gonna ask for a selfie with a newspaper? This is not security - this is theater. And it's not even good theater. The real fix? Zero-trust architecture. Not 'hey, call me up.'

  13. Shubham Singh

    The very notion that an exchange should be trusted with user funds is inherently flawed. The fact that this is even a discussion reveals the depth of our collective delusion. Bybit's response was merely a strategic maneuver to preserve market share. Trust is not earned through compensation. It is earned through architectural impossibility of theft.

  14. Charles Freitas

    Oh wow, they paid back. What a hero. Meanwhile, every other exchange is still hiding behind 'user responsibility' clauses. Pathetic. And now they’re doing 'monthly audits'? That’s like a drunk guy starting to show up to AA after he totaled his car. Congrats. You’re not a good person. You’re just less bad.

  15. Vijay n

    lazarus group was funded by cia to test crypto security and bybit was the target because they were growing too fast and threatening usd dominance

  16. Alison Fenske

    I’m just glad someone finally admitted that security isn’t just about cold wallets. It’s about people. And people are messy. I used to think if my keys were safe, I was safe. Now I know: if the guy approving the transaction is tired, distracted, or just wants to go home - we’re all in trouble.

  17. Grace Simmons

    The United States must regulate foreign exchanges like Bybit immediately. Allowing foreign entities to hold billions in U.S.-based digital assets without compliance is a national security risk. This incident proves the need for federal oversight.

  18. Megan O'Brien

    The fact that they used TSS and multi-sig and STILL got owned? That’s not a flaw in process - it’s a flaw in the entire model. If you need human approval for withdrawals, you’ve already lost. The only real security is code that doesn’t need permission.

  19. Naman Modi

    bybit paid back? lol i bet they got insurance from some offshore shell company. and now they’re just using our deposits to pay themselves back. classic.
