Cyber Incident Victim: Bybit

Date: Jan 2025

Location: United Arab Emirates

Summary

A major cryptocurrency exchange suffered a $1.4 billion theft attributed to North Korean state-sponsored hackers, marking the largest single incident in a broader wave of attacks that collectively extracted approximately $2.7 billion from digital asset platforms. The stolen funds reportedly support North Korea's sanctioned weapons programs, continuing a multi-year trend of high-value crypto heists targeting exchanges and decentralized protocols. Other significant breaches included losses exceeding $223 million from a decentralized exchange and over $128 million from a liquidity protocol, underscoring persistent vulnerabilities across the ecosystem. This incident represents part of an escalating pattern of cybercriminal activity focused on cryptocurrency infrastructure, with North Korean actors identified as particularly prolific offenders responsible for billions in cumulative thefts.


Description

In 2025, attackers executed a large-scale breach against cryptocurrency exchange Bybit, resulting in the theft of approximately $1.4 billion in digital assets. This incident represented the single largest cryptocurrency theft of the year and formed part of a broader pattern of escalating crypto-related crimes. According to FBI assessments and cybersecurity firms Chainalysis and Elliptic, North Korean state-sponsored hackers orchestrated the attack, continuing their established operational focus on cryptocurrency infrastructure. The theft surpassed previous records set in 2022, when the Ronin Network and Poly Network suffered losses of $624 million and $611 million respectively. Bybit's breach contributed significantly to the annual total of $2.7 billion in cryptocurrency stolen during 2025, as documented by both Chainalysis and TRM Labs. Additional thefts included $700,000 from individual cryptocurrency wallets, though these smaller-scale incidents were overshadowed by major exchange breaches. The attack methodology employed against Bybit wasn't detailed in public reports, but its scale indicated sophisticated targeting of exchange infrastructure. No immediate containment measures or forensic findings from Bybit were disclosed in available reporting.

The Bybit breach formed part of a sustained campaign by North Korean cyber operatives, who collectively stole at least $2 billion in cryptocurrency during 2025 according to Chainalysis and Elliptic estimates. Their cumulative thefts since 2017 reportedly exceeded $6 billion, with stolen funds allegedly financing North Korea's nuclear weapons and ballistic missile programs in violation of international sanctions. Other significant 2025 incidents included a $223 million theft from decentralized exchange Cetus, a $128 million attack on the Balancer protocol, and a $73 million hack of Phemex exchange. These attacks continued an upward trend from $2 billion stolen in 2023 and $2.2 billion in 2024. Security firm De.Fi corroborated the $2.7 billion annual loss figure through its REKT database tracking Web3 breaches. Industry analysts observed no reduction in threat activity, forecasting persistent targeting of cryptocurrency exchanges and decentralized finance platforms. Technical experts cited by reporters emphasized existing security priorities including smart-contract audits, asset monitoring protocols, and enhanced cybersecurity measures for DeFi ecosystems as critical defensive measures against well-resourced threat actors.
