This was the greatest robbery of cryptocurrencies in history

by SuperiorInvest

On the night of February 21, Ben Zhou, executive director of the Bybit cryptocurrency platform, logged on to his computer to approve what looked like a routine transaction. His company was moving a large amount of Ether, a popular digital currency, from one account to another.

Thirty minutes later, Zhou received a call from the financial director of Bybit. With a trembling voice, the executive told Zhou that his system had been hacked.

“All Ethereum left,” he said.

When Zhou approved the transaction, he unwittingly ceded control of an account to hackers backed by the North Korean government, according to the FBI. They stole 1500 million dollars in cryptocurrencies, the largest robbery in the history of this industry.

To pull off this astonishing robbery, the hackers exploited a simple flaw in Bybit's security: its dependence on a free software product. They penetrated Bybit by manipulating a publicly available system that the exchange used to safeguard hundreds of millions of dollars in customer deposits. For years, Bybit had relied on the storage software, developed by a technology provider called Safe, even as other security companies sold more specialized tools for companies.

The hack sent cryptocurrency markets into free fall and undermined confidence in the sector at a crucial moment. Under the Trump administration, which is favorable to cryptocurrencies, sector executives are pressing for new US laws and regulations that make it easier for people to invest their savings in digital currencies. On Friday, the White House is expected to host a “cryptographic summit” with President Trump and senior industry figures.

Cryptocurrency security experts said they were worried about what the robbery had revealed about Bybit’s security protocols. The losses were “completely avoidable,” a security company wrote in an analysis of the incident, asserting that “it should not have happened.”

Safe’s storage software is widely used in the cryptocurrency industry. However, it is better suited to crypto hobbyists than to platforms that handle billions in customer deposits, said Charles Guillemet, an executive at Ledger, a French cryptocurrency security company that offers a storage system designed for companies.

“This really has to change,” he said. “It is not a situation that is acceptable in 2025.”

At Bybit, the hack marked the start of 48 frantic hours. The company oversees up to 20,000 million dollars in customer deposits, but did not have enough Ether on hand to cover the losses from the theft of 1500 million dollars. To keep the business afloat, Zhou, 38, rushed to borrow from other companies and drew on corporate reserves to deal with a wave of withdrawal requests. On social media he appeared surprisingly relaxed, announcing a few hours after the theft that his stress levels were not “too bad.”

As the crisis unfolded, the price of Bitcoin, a benchmark for the sector, collapsed 20 percent. It was the steepest drop since the 2022 bankruptcy of FTX, the platform led by the disgraced tycoon Sam Bankman-Fried.

In an interview this week, Zhou acknowledged that Bybit had realized in advance that there were potential problems with Safe. Three or four months before the hack, he said, the company observed that the software was not fully compatible with its security services.

“We should have updated and moved away from Safe,” Zhou said. “Now we definitely have the intention of doing so.”

Rahul Rumalla, product director of Safe, said in a statement that his team had habit of new functions

“Our work is not just to fix what happened,” said Rumalla, “but to ensure that the sector learns from that, so that it does not happen again.”

Founded in 2018, Bybit functions as a cryptocurrency marketplace, where day traders and professional investors can convert their dollars or euros into Bitcoin and Ether. Many investors treat platforms like Bybit as informal banks, where they deposit their cryptocurrencies for safekeeping.

According to some estimates, Bybit is the second largest cryptocurrency exchange platform in the world, and processes tens of billions of dollars every day. Headquartered in Dubai, it does not offer services to customers in the United States.

On February 21, Zhou was at his home in Singapore, finishing some work, he said in the interview.

But first, the two other executives had to approve a transfer of cryptocurrencies from one account to another. These routine transfers are supposed to be safe: no one at Bybit can execute them alone, which creates multiple layers of protection against thieves.

However, in the shadows, a group of hackers had already broken into Safe's system, according to Bybit's audit of the hack. According to a person with knowledge of the matter, they had compromised a computer that belonged to a Safe developer, which allowed them to introduce malicious code to manipulate transactions.

A link sent through Safe invited Zhou to approve the transfer. It was a trap. When he approved it, the hackers took control of the account and stole 1500 million dollars in cryptocurrencies.

Sudden outflows appeared on the blockchain, a public ledger of crypto transactions. Crypto analysts quickly identified the Lazarus Group, a group of hackers backed by the North Korean government, as the culprit.

That night, Zhou went to the Bybit office in Singapore to manage the crisis. He announced the hack on social media and launched a crisis protocol known in the company as P-1, pressing a conversion button to all members of the management.

Around 1:00 am, Zhou appeared in a live broadcast where he assured customers that Bybit was still solvent.

“Even if the losses from this hack are not recovered, all customer assets are backed 1 to 1,” he said in a post. “We can cover the loss.”

Those statements were not enough. In a matter of hours, Zhou said, approximately half of the digital currencies deposited on the platform, or about 10,000 million dollars, had been withdrawn. The cryptocurrency market collapsed.

To limit the damage, other cryptocurrency companies offered to help. Gracy Chen, executive director of a rival exchange, Bitget, lent Bybit 40,000 in Ether, or about 100 million dollars, without asking for interest or even collateral.

“We never questioned his ability to return the money,” Chen said.

Between crisis meetings, Zhou posted a series of comments on X. He shared screenshots of a health app, which showed that his stress levels were normal.

“Too focused, directed all meetings. I got away from stressing myself,” he wrote. “I think that will come soon, when the concept of losing 1500 million dollars begins to sink in.”

After looting Bybit, the North Korean hackers distributed the stolen funds across an extensive network of online crypto wallets, a money laundering strategy they had already used after other robberies.

“Lazarus Group is on another level,” Haseeb Qureshi, a venture investor, wrote on X after the theft.

Security experts blamed Bybit for having left itself exposed. To authorize the routine transfer that led to the hack, Zhou said, he used a hardware tool designed by Ledger, the cryptocurrency security company. The device was not synchronized with Safe, he said. That is why he could not use the tool to check all the details of the transaction he was approving, something that is always risky in the world of cryptocurrencies.

“Safe does not offer you the type of controls that you would want if you are doing operational transfers frequently,” said Riad Wahby, a professor of computer engineering at Carnegie Mellon University and co-founder of the digital security company Cubist.

Zhou said he should have taken measures earlier to strengthen Bybit’s defenses. “Now I regret many things,” he said. “I should have paid more attention to this aspect.”

Even so, Bybit kept functioning after the hack, processing all withdrawals in less than 12 hours, Zhou said. Shortly after the breach, he announced on X that the company was managing another 3000 million dollars in cryptocurrencies.

“That is clear, this is a planned maneuver,” he wrote. “This time they haven’t hacked us.”

David Yaffe-Bellany writes about the cryptocurrency sector from San Francisco. You can write to Davidyb@nytimes.com.
