Blog Details

An insecure freeware allowed attackers to execute a billion-dollar heist at Bybit. The security issues had been known for a long time.

A recent investigation sheds new light on the Bybit case: The biggest theft in history was made possible because the company relied on insecure freeware. The affected application, named "Safe," is typically used for crypto transactions by amateur traders. However, Bybit used it to transfer $1.5 billion worth of cryptocurrency. Reports suggest that the company's management was aware of the risks.

The New York Times has now revealed new details about the February 21st attack, in which cybercriminals managed to steal a massive amount of Ethereum (ETH). Bybit was moving funds from one of its storage wallets to another when hackers intercepted the transaction. The FBI suspects a North Korean hacking group to be responsible for the attack.

Bybit CEO Lost Billions

Bybit CEO Ben Zhou personally approved the transaction, unknowingly handing control of the Ethereum funds to the attackers. According to the New York Times, "Safe" was the critical vulnerability. This widely used freeware for crypto wallets is accessible to anyone and is popular among amateur traders. However, this did not stop Bybit from using it to transfer billions. The cybercriminals manipulated Safe, allowing them to redirect the transferred Ethereum to their own wallets.

The most frustrating part for Bybit: More secure systems already exist, specifically designed for large-scale transactions. Despite this, Bybit continued using Safe for years. Many security experts believe that the incident was preventable. "In 2025, such negligence is completely unacceptable," said Charles Guillemet from the crypto security firm Ledger in an interview with the New York Times. He emphasized that urgent changes are needed in the industry.

"We Should Have Switched to a Better System"

Bybit CEO Ben Zhou admitted to the New York Times that the $1.5 billion mistake could have been avoided: "We should have switched to a better system and distanced ourselves from Safe."

Meanwhile, the stolen funds from what is likely the largest crypto heist in history have already been converted into Bitcoin multiple times.

Rahul Rumalla, a key figure at Safe, stated in the report that his team has since introduced new security features. He defended the freeware, describing Safe as the backbone of leading organizations in the crypto industry. "Our job is not to fix the incident but to ensure that the industry learns from it," he told the New York Times.

Market Crash After Bybit Disaster

Following the Bybit catastrophe, the crypto market suffered severe losses: Bitcoin and other cryptocurrencies dropped by up to 20%. Bitcoin fell from $110,000 to $80,000, and even U.S. President Trump's announcement of a national crypto reserve failed to trigger a recovery.