Bybit 1.4b hack
Mar 02, 2025
The crypto world is awash with stories, theories and opinions on the Bybit hack that cost the exchange $1.4b in stolen Ethereum. Rather than post one story, we'll link to the ones that those of us here at Robo Sentry have found most informative and helpful for understanding what happened and how this can be prevented.
But first, a summary:
Bybit $1.4b Hack Summary
The February 2025 Bybit hack has, to date, been the largest crypto heist ever.
This is a timeline of how approximately 401,347 Ethereum (ETH), valued at over $1.4 billion, was stolen without the hackers ever acquiring the private keys.
Timeline of Events:
- February 21, 2025: During a routine transfer from Bybit's Ethereum multisignature cold wallet to its warm wallet, hackers exploited vulnerabilities by manipulating the transaction interface. This deception led to unauthorized access and the subsequent transfer of funds to an unidentified address.
- February 22, 2025: Bybit's CEO, Ben Zhou, addressed the incident, assuring users that all other cold wallets remained secure and that withdrawals were functioning normally. He emphasized that client assets were 1-to-1 backed and that the platform remained solvent despite the loss.
- February 26, 2025: Independent cybersecurity firms, including Verichains and Sygnia Labs, conducted audits revealing that North Korean hackers infiltrated Safe—a crypto wallet provider used by Bybit—by injecting malicious JavaScript code into Safe's online infrastructure. This code specifically targeted Bybit's contract address, facilitating the theft. The preliminary investigation reports are (at time of writing) available at https://docsend.com/view/s/rmdi832mpt8u93s7.
- February 27, 2025: The FBI identified North Korea's Lazarus Group as the perpetrators behind the theft, marking it as the largest cryptocurrency exchange hack to date. The stolen assets were traced through multiple blockchain addresses, with efforts underway to launder and convert them to fiat currency.
- February 28, 2025: Ben Zhou posted here and on X that Bybit had issued a bounty for information leading to partial recovery of the stolen funds. A Discord channel was created for bounty hunters.
- During February: Ben Zhou recorded insightful interviews on the hack with Mr Shift and Mario Nawfal. Worth a listen.
- ... more to come ...
Insightful Third Party Posts:
- Posts by Salt co-founder, Jason Rudolph: https://www.linkedin.com/posts/jason-rudolph-540395b4_reflections-on-the-bybit-hack-us15bn-activity-7299679679232233473-AzHm
- Jose J. Perez Aguinaga, at key security firm Tungstenan, posted good questions asking how this hack could be prevented: https://www.linkedin.com/posts/jjperezaguinaga_digitalassets-digitalcustody-cryptosecurity-activity-7299347907286040576-ft0g and also https://www.linkedin.com/posts/jjperezaguinaga_crypto-hsms-digitalcustody-activity-7299006490483347456-7r1z