Vulnerabilities in Bybit and other CEXs Causing Financial Losses
In a stark reminder of the ever-present threat of cybercrime in the cryptocurrency landscape, the Bybit hack in 2025 stands out as one of the most significant incidents this year. The North Korea-based Lazarus Group, known for its sophisticated tactics, was responsible for the theft of approximately $1.5 billion worth of Ethereum tokens from Bybit on February 21st.
The Mid-Year 2025 Crypto Crime Report 2025 reveals that about 75% of cryptocurrency losses this year can be attributed to one hack at Bybit and 10 other centralized exchange (CEX) attacks, totaling approximately 2.17 billion. Other breaches at exchanges like SmartEx, Nobitex, and BitoPro further highlight the widespread vulnerability of CEX platforms.
The Bybit hack, like many other 2025 incidents, was primarily executed through social engineering, insider access, and compromised signature machines. Attackers used sophisticated phishing campaigns targeting exchange employees, enabling access to critical systems, including signature authorization machines. Lazarus Group also exploited access from compromised insiders or bribed contractors to bypass security controls.
The high liquidity of these platforms, combined with systemic infrastructure weaknesses such as hot wallets and admin keys, makes them prime targets. Stolen funds from CEX hacks are rapidly moved across multiple blockchains using cross-chain bridges, token swaps, and privacy mixers such as Tornado Cash to obscure provenance and evade tracing.
The attacks on Bybit and other CEXs have contributed to the surge of crypto crime in 2025, challenging the assumption that decentralized finance (DeFi) is the major target. Human error remains a significant risk, even when technical defenses are in place. Insider access and phishing attacks were the primary causes of the majority of the heists, including the Bybit hack.
The evolving threat landscape underscores how state-affiliated actors wield cybercrime as a tool of geopolitical strategy and financial gain through high-value, high-liquidity CEX targets. The report warns of the danger involved in centralized exchanges, as opposed to the perceived safety of decentralized finance. It is a reminder for the industry to strengthen its defences and prioritize security measures to protect against these sophisticated attacks.
- The Bybit hack, involving the loss of $1.5 billion worth of Ethereum tokens, is a prime example of the significant cybersecurity threats facing the cryptocurrency industry, as revealed in the Mid-Year 2025 Crypto Crime Report.
- The high liquidity and systemic infrastructure weaknesses of centralized exchange platforms, such as hot wallets and admin keys, make them attractive targets for cybercriminals, like the Lazarus Group, who are responsible for the Bybit hack.
- Despite the widespread belief that decentralized finance (DeFi) is the major target for crypto crime, the attacks on centralized exchanges, like Bybit, have contributed to the surge of crypto crime in 2025.
- Human error, through social engineering, insider access, and phishing attacks, poses a significant risk, even with technical defenses in place, as seen in the Bybit hack and many other incidents in 2025.
