The Bybit Hack: A Harsh Reminder of the Dangers in Crypto

Associated Press

17-03-2025

The Bybit Hack: A Breakdown and Lessons To Can Take from These Attacks
DETROIT, MI, UNITED STATES, March 17, 2025 / EINPresswire.com / -- In February 2025, the cryptocurrency world was rocked by yet another major hack —this time targeting Bybit, one of the largest crypto exchanges. The attackers, later identified as North Korea's infamous Lazarus Group, siphoned off approximately $1.5 billion in digital assets using a sophisticated phishing scheme.
For Brian Oakes, author of UNDERMINED, the news stirred a familiar pit in his stomach. This wasn't just another headline—it was a painful echo of his own nightmare. In his book, Oakes details his experience of losing a fortune in crypto to cybercriminals. Reading about the Bybit attack brought back haunting memories, as the eerie similarities to his own story replayed the day he watched his life savings vanish.
On February 21, 2025, Bybit's CEO, Ben Zhou, initiated what should have been a routine transfer of 40,000 Ethereum (ETH). But something was off. Unbeknownst to Zhou, hackers had already infiltrated the system, deploying an advanced phishing scheme that perfectly mimicked the exchange's interface. In mere moments, 401,000 ETH—worth roughly $1.5 billion—was gone.
As an early crypto investor and miner, Oakes understands firsthand how devastating a loss like this can be. The FBI later confirmed that the Lazarus Group was behind the attack—the same North Korean-backed hackers responsible for numerous cyber heists. Their operation, dubbed 'TraderTraitor,' once again proved just how vulnerable the crypto industry remains, despite years of hard lessons.
How This Mirrors Oakes' Own Experience
The Bybit breach was strikingly similar to the attack chronicled in UNDERMINED, where Oakes fell victim to a sophisticated assault that drained over 500 Bitcoin and other assets, resulting in a staggering $31.5 million loss.
Although the methods differed, the end result was the same: financial devastation and an uphill battle to seek justice. Just as Bybit's security measures were outmatched, Oakes had been caught off guard by the complexity and precision of the attack. In his case, the hacker exploited vulnerabilities in his mobile carrier's security, intercepting SMS verification codes to gain access to his exchange accounts and email. Within minutes, everything he had built was gone.
Lessons Learned from These Attacks
Both the Bybit hack and Oakes' personal ordeal highlight a painful truth: cryptocurrency remains a prime target for cybercriminals, and neither exchanges nor investors are ever completely safe.
Key takeaways from both experiences include:
• Hackers Are Always Evolving: Whether through phishing, SIM-swapping, or social engineering, cybercriminals continually develop new methods to bypass security measures.
• Exchanges Are Not Impenetrable: No matter how large or reputable an exchange is, it remains vulnerable. While decentralization and self-custody may offer greater security, they also come with their own risks.
• Security Must Be Personal: Whether an individual investor or the operator of a billion-dollar exchange, robust personal security is the last line of defense. Multi-factor authentication, hardware wallets, and avoiding SMS-based verification are crucial steps to mitigating risk.
•
A Call for Change
If there's one thing Oakes has learned from his own loss—and from major hacks like Bybit's—it's that the crypto industry must do better. Exchanges need to implement stronger security protocols, and users must take additional precautions to protect their assets. For those who have experienced this kind of loss, it's never just about money—it's about their future, their security, and in many cases, their life's work.
The Bybit hack serves as yet another grim reminder of the lessons explored in UNDERMINED: in the world of cryptocurrency, trust is fragile, and without proactive security measures, everything can be lost in an instant.
Sari M Cicurel
+1 248-766-0945
X
LinkedIn
Other
Legal Disclaimer: