Bybit After $1.4 Billion Hack: Comprehensive Security Update, Liquidity Restoration, and New Cyber Attack Challenges in 2025

08.07.2025

Bybit Security Update After Biggest $1.4 Billion Hack: Deep Dive

In February 2025, Bybit, the world’s second-largest cryptocurrency exchange by trading volume, suffered one of the largest hacks in the history of the crypto industry. The losses amounted to more than $1.4 billion in Liquid Staked Ether (STETH), Mantle Staked ETH (mETH), and other ERC-20 tokens. The incident caused widespread controversy and called into question the security of one of the leading platforms. In response to the crisis, Bybit carried out a major security update, which was detailed in an official statement on June 4, 2025.

Chronology and scale of the incident

  • Date of hack: February 21, 2025.
  • Amount of funds stolen: over $1.4 billion in various ERC-20 tokens, including Liquid Staked Ether (STETH) and Mantle Staked ETH (mETH).
  • Significance: one of the biggest hacks in crypto history, threatening the credibility of Bybit and the entire industry.

Comprehensive Security Update: Three Key Focus Areas

Following the incident, Bybit implemented a three-pronged approach to strengthen security:

  1. Security audit
  2. Strengthening wallets
  3. Improving information security

Security audit

In the month following the hack, the exchange conducted nine comprehensive audits, involving both internal specialists and independent external experts. As a result of the audits, 50 new security measures were implemented to eliminate the identified vulnerabilities and improve the overall resilience of the platform.

Strengthening the cold wallet

Bybit has significantly tightened its protocols for working with cold wallets, the main cryptocurrency storage, which is not connected to the Internet. In particular:

  • An updated procedure for the security of cold wallets has been introduced, providing for full supervision by security experts at all stages of operation.
  • Multi-party computation (MPC) technology is used, which increases key security and reduces the risk of compromise.
  • Hardware security modules (HSMs) are combined to create stronger protection.

Improving information security

Bybit has received the international ISO/IEC 27001 certification, a recognized standard for information security risk management. The company has also implemented encryption of all internal and client communications and data storage, which significantly reduces the likelihood of leaks and hacker attacks.

Liquidity Restoration and the LazarusBounty Program

Despite the massive hack, Bybit quickly restored liquidity to trading pairs:

  • According to a report from analytics company Kaiko, Bitcoin market depth within 1% of the price reached a daily average of $13 million just 30 days after the incident.
  • Altcoin liquidity has also stabilized, reaching over 80% of pre-hack levels for the top 30 altcoins by market cap.

A key role in the recovery was played by the Retail Price Improvement (RPI) function – specialized orders aimed at attracting institutional liquidity and stabilizing the market during a period of shortage.

In addition, Bybit launched the LazarusBounty program, which tracks stolen funds and pays out rewards for their return. To date, more than $2.3 million has been distributed through the program.

New challenges: the human factor as a weak link

Bybit representatives and industry experts note that modern hackers are increasingly moving away from attacks on technical vulnerabilities to exploits based on human error:

  • Hackers use social engineering to impersonate major brands and protocols.
  • Attacks are becoming more sophisticated and attackers are targeting “human behavior, not code.”

Ronghui Gu, co-founder of CertiK, emphasizes that smart contracts and blockchain infrastructure are becoming more secure, and the main risk is now the human factor.

What New Security Measures Has Bybit Implemented Since February Hack?

Bybit’s $1.4 billion hack was a serious test for the exchange and the crypto industry as a whole. The company’s rapid and large-scale response – conducting multiple audits, implementing advanced security technologies, and obtaining international certificates – demonstrates a high level of responsibility and readiness to combat new threats.

The restoration of liquidity and active work with stolen funds through LazarusBounty demonstrates Bybit’s commitment to maintaining the trust of its customers and partners.

However, the new trend of attacks that exploit the human factor requires all market participants not only to take technical measures, but also to raise the awareness and training of users and employees.

Bybit will continue to improve its security systems to remain one of the most trusted platforms in the rapidly changing world of cryptocurrencies.

Following a hack in February 2025 that resulted in the theft of over $1.4 billion, crypto exchange Bybit has implemented a comprehensive security update that includes over 50 new measures. The main innovations can be divided into three key areas:

  1. Security audit and process review
    • Nine independent and internal audits of security systems were conducted.
    • Operating procedures, access control and data protection at all levels have been reviewed.
    • The identified vulnerabilities have been eliminated and expert recommendations have been implemented to improve the overall stability of the platform [5].
  2. Strengthening the protection of cold wallets
    • An updated authorization procedure (Operational Safety Procedure, OSP) has been implemented, requiring full control and support of all operations by security experts at all stages.
    • The Multi-Party Computation (MPC) model is used, which eliminates single points of failure and improves the security of key management.
    • Hardware Security Modules (HSMs) are combined to provide maximum protection at the hardware level [6].
  3. Improving information security
    • Received the international ISO/IEC 27001 certificate – the highest standard for information security risk management.
    • Encryption has been implemented by default for all internal and client communications, as well as for data storage, which reduces the risks of leaks and unauthorized access [6].

These measures have allowed Bybit to significantly increase the level of platform security, minimize the risk of repeated attacks, and restore user trust after the largest hack in the history of the cryptocurrency industry.

How ISO/IEC 27001 Certification Improved Bybit’s Data Security

Bybit’s ISO/IEC 27001 certification has significantly improved the platform’s data protection and information security by implementing systematic and proactive risk management. This international standard sets out requirements for an information security management system (ISMS) that ensures the confidentiality, integrity, and availability of data.

The main effects of ISO/IEC 27001 implementation for Bybit:

  • Proactive identification and assessment of security risks. Bybit now systematically and proactively detects potential threats, allowing it to quickly take action to neutralize them and prevent incidents [6].
  • Strict security policies and procedures. Certification requires the development and implementation of clear rules for access control, data protection, incident response, and employee training that minimize human error and vulnerabilities [6].
  • Encryption of all internal and client communications and data storage. This reduces the risk of leaks and unauthorized access to information, including data at rest and in transit [5].
  • Compliance with national and international regulations. Certification confirms that Bybit complies with industry best practices and legal requirements, which increases the trust of customers and partners [6].
  • Increased overall platform stability and reliability. Risk management and ongoing security audits help maintain high security standards even in the face of complex and multi-stage cyber attacks [3].

Bybit CEO Ben Zhou emphasized that receiving ISO/IEC 27001 certification is a testament to the company’s commitment to protecting customer funds and data, and is the foundation for providing safe and secure trading services [2].

ISO/IEC 27001 certification has thus become a key element of Bybit’s comprehensive security upgrade, providing the platform with bank-level information security and strengthening its position in the cryptocurrency market.

What is the LazarusBounty program and how does it help to return stolen funds

Launched by crypto exchange Bybit following a hack in February 2025, the LazarusBounty program is an initiative to reward cybersecurity experts, blockchain analysts, and ethical hackers for helping track down and recover stolen funds.

Main features of the LazarusBounty program:

  • Reward up to 10% of the recovered amount – Bybit promises to pay significant bonuses to those who help return the stolen assets. The total reward amount can reach $140 million.
  • Global collaboration – the program brings together experts from around the world who jointly analyze blockchain transactions, identify the addresses of attackers and the methods of moving stolen cryptocurrencies.
  • Tracking stolen funds – Through analytics and monitoring, the LazarusBounty team and its dedicated specialists attempt to block or recover funds moving through centralized exchanges, decentralized exchanges (DEX), cross-chain bridges, and mixers.
  • Investigation and Security Support – The program not only helps recover assets, but also improves the overall security of the platform by identifying new vulnerabilities and preventing re-attacks.

How the program helps to return stolen funds:

  • Bybit actively collaborates with law enforcement and experts, using LazarusBounty to incentivize professionals to find and identify traces of stolen tokens.
  • Rewards motivate specialists to conduct deep analysis of blockchain transactions and identify the addresses through which stolen assets pass.
  • Thanks to joint efforts, many of the stolen funds were tracked down and partially returned, which reduces the damage to the exchange and its clients.

Thus, LazarusBounty is an innovative mechanism that turns the cybersecurity community into an active tool in the fight against crime in the crypto space, increasing the chances of recovering stolen funds and strengthening the security of Bybit and the entire industry [8].

Why Bitcoin Liquidity Recovered Faster Than Altcoins on Bybit

Bitcoin liquidity on Bybit has recovered faster than altcoin liquidity for several reasons:

  • The hack mainly affected Ethereum and ERC-20 tokens rather than Bitcoin. This resulted in a stronger temporary decrease in liquidity in altcoins associated with the Ethereum ecosystem, while Bitcoin remained relatively less affected [2].
  • Bitcoin has traditionally been considered a “safe haven” in the crypto market, despite its volatility and risks. This maintains high interest and confidence among traders and institutional investors, which facilitates a faster recovery of liquidity [5].
  • Bybit has made extensive use of special tools such as Retail Price Improvement (RPI), a feature designed to attract and retain institutional and retail liquidity, especially for Bitcoin. This has helped stabilize market conditions and speed up the return of liquidity in Bitcoin pairs [6].
  • The overall market environment and macroeconomic uncertainty have had a greater impact on altcoins, slowing their recovery compared to Bitcoin, which is perceived as a more resilient asset during periods of instability [5].

Thus, a combination of technical reasons (the focus of the attack on Ethereum), market preferences, and Bybit’s liquidity-boosting strategies ensured that Bitcoin’s market depth recovered more quickly than that of altcoins.

What new types of attacks are hackers using and how does this affect the security of crypto exchanges

Hackers have increasingly used new types of attacks in recent years, which significantly change the threat landscape for crypto exchanges and crypto services in general. The main new trends and their impact on the security of crypto exchanges are as follows:

New types of attacks used by hackers

  1. Social engineering and phishing attacks
    • Hackers actively use phishing attacks, including spear phishing (personalized emails), vishing (voice phishing) and smishing (phishing via SMS). They impersonate major brands or official organizations to trick users and exchange employees into giving up access to their credentials [6].
    • The use of deepfakes – doctored videos and audio recordings that allow attackers to impersonate company executives or employees to manipulate and steal information [2].
  2. Advanced Persistent Threats (APT)
    • Long-term, carefully planned attacks on specific companies or organizations, including crypto exchanges, using multiple methods to bypass protection and introduce malware [7].
    • Using techniques such as Bring Your Own Vulnerable Driver (BYOVD) – using vulnerabilities in drivers to escalate privileges and bypass security systems [2].
  3. Attacks on DeFi Protocols and Blockchain Bridges
    • Hackers are shifting from attacking blockchain consensus mechanisms to exploiting vulnerabilities in DeFi smart contracts and cross-chain bridges, allowing them to steal funds through price manipulation and exploits [1].
  4. Injecting malicious code into artificial intelligence models
    • With the spread of open AI models, the risk of their infection with Trojans and backdoors increases, which can lead to the compromise of the security systems of crypto exchanges and related services [2].
  5. Man-in-the-Middle (MitM) attacks
    • Interception and modification of data during transmission between users and services, which allows attackers to gain access to confidential information [9].

The Impact of New Types of Attacks on Cryptocurrency Exchange Security

  • Growing number of attacks on the human factor. As Bybit representatives noted, attackers increasingly exploit the mistakes and gullibility of employees and users, rather than technical vulnerabilities of protocols. This requires enhanced staff training and the implementation of multi-factor authentication [1].
  • Increased complexity and duration of attacks. Targeted APT attacks require crypto exchanges to constantly monitor, respond quickly, and continually improve their defense systems [5].
  • Need for a comprehensive approach to security. In addition to technical measures, crypto exchanges must implement identity verification procedures, analyze user behavior, and cooperate with law enforcement and the cybersecurity community.
  • Risk of loss of trust and liquidity. Hacks and attacks cause panic among customers, leading to mass withdrawals and liquidity crises, as was the case with Bybit after the hack [3].

What New Types of Attacks Will Hackers Use to Break Into Crypto Exchanges in 2025

New types of attacks are aimed at exploiting human weaknesses, complex technical vulnerabilities, and innovative deception methods, making it much more difficult to protect crypto exchanges. Countering these threats requires not only technical updates, but also increased user awareness, comprehensive security programs, and ongoing cooperation with experts and law enforcement.

Thus, modern cyberattacks require crypto exchanges to move from traditional measures to a multi-layered and adaptive security strategy.

In 2025, hackers will use new types of attacks on crypto exchanges, which will significantly complicate protection and increase risks for crypto companies. Key modern attack vectors include:

  • Phishing using artificial intelligence and neural networks. Hackers create almost perfect phishing emails and chats with the right intonation and personal data of victims, which significantly increases the effectiveness of deception via email, Discord, Telegram and other channels [2].
  • Attacks on smart contracts and DeFi protocols. Vulnerabilities in smart contract code allow attackers to steal funds through exploits and manipulation, especially in fast-growing DeFi and NFT projects [9].
  • Stealing private keys and passwords through interface vulnerabilities and malware. Hackers create fake websites and applications to which they redirect users in order to gain access to their keys and accounts. Often, keys are stored insecurely – in notes, clouds or messengers, which makes them easier to steal [6].
  • API and third-party integration manipulation. Vulnerabilities in the API of crypto exchanges and partner services are used to gain unauthorized access and leak data [1].
  • DDoS attacks on exchanges with the aim of causing panic, driving down prices and destabilizing trading [1].
  • The rise of new generation cyber threats, including bypassing multi-factor authentication and infecting infrastructure through third-party libraries and components [1].
  • Targeted APT attacks are complex, multi-stage hacks that use a variety of techniques, including bribery of employees (social engineering), malware, and exploitation of vulnerabilities in infrastructure [7].
  • Spreading malware through fake CAPTCHA and advertising networks. Such programs steal credentials, replace wallet addresses in the clipboard, and establish remote access [5].
  • Browser cache attacks to spy on user activity on popular crypto sites and identify potential targets [4].

Taken together, these new types of attacks make crypto exchange security in 2025 an extremely complex task, requiring comprehensive technical solutions, constant monitoring, staff training, and collaboration with cybersecurity experts.

As such, hackers are moving from simple technical hacks to multi-layered, socially engineered, and technologically advanced attacks, significantly increasing the risks for crypto companies and their customers.

  1. https://dtf.ru/flood/3845488-rost-kiberatak-na-kriptokompaniji-2025
  2. https://dtf.ru/howto/3863400-krazhi-kriptovaljut-v-2025-godu
  3. https://ddos-guard.ru/blog/daidzhest-kiberbezopasnosti-2025-Q1
  4. https://vc.ru/crypto/2043623-bezopasnost-kriptovalyut-v-2025-godu
  5. https://ptsecurity.com/ru-ru/research/analytics/aktualnye-kiberugrozy-iv-kvartal-2024-goda-i-kvartal-2025-goda/
  6. https://www.rbc.ru/crypto/news/685ea64c9a7947de65e03d13
  7. https://www.tadviser.ru/index.php/%D0%A1%D1%82%D0%B0%D1%82%D1%8C%D1%8F:APT_-_%D0%A2%D0%B0%D1%80%D0%B3%D0%B5%D1%82%D0%B8%D1%80%D0%BE%D0%B2%D0%B0%D0%BD%D0%BD%D1%8B%D0%B5_%D0%B8%D0%BB%D0%B8_%D1%86%D0%B5%D0%BB%D0%B5%D0%B2%D1%8B%D0%B5_%D0%B0%D1%82%D0%B0%D0%BA%D0%B8
  8. https://ru.tradingview.com/news/rbc_crypto:ec6d0755567b8:0/
  9. https://www.block-chain24.com/articles/cryptocurrency-hackers-alarm-signal-for-defi
  10. https://www.forus.ru/about/news/kiberugrozy-v-pervom-kvartale-2025/
  1. https://shard.ru/article/types_of_hacking_attacks_on_cryptoservices
  2. https://www.tadviser.ru/index.php/%D0%A1%D1%82%D0%B0%D1%82%D1%8C%D1%8F:%D0%9A%D0%B8%D0%B1%D0%B5%D1%80%D0%B0%D1%82%D0%B0%D0%BA%D0%B8
  3. https://ru.tradingview.com/news/bitsmedia:96ac776b867b8:0/
  4. https://trends.rbc.ru/trends/industry/600702d49a79473ad25c5b3e
  5. https://www.tadviser.ru/index.php/%D0%A1%D1%82%D0%B0%D1%82%D1%8C%D1%8F:APT_-_%D0%A2%D0%B0%D1%80%D0%B3%D0%B5%D1%82%D0%B8%D1%80%D0%BE%D0%B2%D0%B0%D0%BD%D0%BD%D1%8B%D0%B5_%D0%B8%D0%BB%D0%B8_%D1%86%D0%B5%D0%BB%D0%B5%D0%B2%D1%8B%D0%B5_%D0%B0%D1%82%D0%B0%D0%BA%D0%B8
  6. https://artismedia.by/blog/opasnye-realii-17-tipov-cyberatak/
  7. https://www.forbes.ru/young/526993-informacionnaa-bezopasnost-desat-osnovnyh-vidov-hakerskih-atak
  8. https://skillbox.ru/media/code/chto-takoe-kiberataki-i-kakie-oni-byvayut/
  9. https://ddos-guard.ru/blog/rasprostranennye-kiberugrozy-i-kak-s-nimi-borotsya
  10. https://federalizm.rea.ru/jour/article/viewFile/83/84
  1. https://investinfo.pro/view?id=122338&market=crypto&url=bybit-vosstanavlivaet-likvidnosty-btc-posle-fevralyskogo-vzloma
  2. https://crypto.ru/birzha-bybit-polnostyu-vosstanovila-likvidnost/
  3. https://www.bybit.com/ru-RU/help-center/article/Everything-You-Need-to-Know-to-Get-Started-on-Bybit
  4. https://happycoin.club/bybit-full-restored-btc-liquidity-after-the-february-hack/
  5. https://www.block-chain24.com/news/novosti-kriptovalyutnyh-birzh/bybit-vosstanovila-uroven-likvidnosti-spustya-30-dney-posle
  6. https://cryptonews.com/ru/news/rynochnaya-dolya-bybit-vosstanovilas-na-7/
  7. https://www.rbc.ru/crypto/news/653b84979a79477f0159b5fe
  8. https://pikabu.ru/story/chto_takoe_likvidnost_na_kriptoryinke_i_pochemu_bez_nee_ne_zarabotat_12369012
  9. https://www.bybit.com/ru-RU/help-center/article/Bybit-Deposit-FAQ
  10. https://learn.bybit.com/ru/bitcoin/why-is-bitcoin-going-up
  1. https://amlcrypto.io/ru/blog/chronology-of-the-events-of-the-bit-hack
  2. https://www.bbc.com/russian/articles/c93kx6dd6elo
  3. https://2bitcoins.ru/ukradennaya-u-bybit-kripta/
  4. https://www.anti-malware.ru/news/2025-02-24-114534/45354
  5. https://www.gate.com/ru/post/status/9414738
  6. https://3dnews.ru/tags/bybit/page-2.html
  7. https://www.hx.technology/ru/blog-ru/bybit-hack-other-major-cryptocurrency-incidents-ru
  8. https://tradersunion.com/ru/news/cryptocurrency-news/show/118425-bybit-launches-140m/
  9. https://www.tadviser.ru/index.php/%D0%A1%D1%82%D0%B0%D1%82%D1%8C%D1%8F:%D0%98%D0%BD%D1%84%D0%BE%D1%80%D0%BC%D0%B0%D1%86%D0%B8%D0%BE%D0%BD%D0%BD%D0%B0%D1%8F_%D0%B1%D0%B5%D0%B7%D0%BE%D0%BF%D0%B0%D1%81%D0%BD%D0%BE%D1%81%D1%82%D1%8C_%D0%B2_%D0%B1%D0%B0%D0%BD%D0%BA%D0%B0%D1%85
  1. https://investinfo.pro/view?url=bybit-poluchila-sertifikat-iso-27001—information-security—compliance-with-normative-requirements-and-risk-management&id=53105
  2. https://bits.media/pr/vzlom-na-milliard-uroki-i-innovatsii-v-sisteme-bezopasnosti-bybit/
  3. https://crypto.ru/bybit-povyshaet-uroven-bezopasnosti/
  4. https://www.ukr.net/ru/news/details/technologies/111724194.html
  5. https://www.block-chain24.com/news/novosti-bezopasnosti/bybit-predstavila-obnovlenie-bezopasnosti-v-otvet-na-vzlom-na-14-mlrd
  6. https://vc.ru/id3134829/1417451-sertifikaciya-po-standartu-iso-27001-iso-iec-27001
  7. https://www.hx.technology/ru/blog-ru/who-better-ciso-vciso-ru
  8. https://isocerthub.com/what-is-iso-iec-27001-and-how-is-it-implemented/
  9. https://ru.beincrypto.com/kriptobirzhi-obespechivayut-bezopasnost/
  10. https://rostestural.com/systems-of-quality-management/sertifikat-isoiec-27001/
  1. https://coinspaidmedia.com/ru/news/bybit-reports-enhanced-security-measures/
  2. https://bits.media/pr/vzlom-na-milliard-uroki-i-innovatsii-v-sisteme-bezopasnosti-bybit/
  3. https://www.block-chain24.com/news/novosti-bezopasnosti/bybit-predstavila-obnovlenie-bezopasnosti-v-otvet-na-vzlom-na-14-mlrd
  4. https://crypto-emergency.com/read-blog/179_bybit-vypuskaet-obnovlenie-bezopasnosti-posle-vzloma-na-1-4-milliarda-dollarov.html?lang=russian
  5. https://ru.investing.com/news/cryptocurrency-news/article-2787703
  6. https://crypto.ru/bybit-povyshaet-uroven-bezopasnosti/
  7. https://www.binance.com/ru/square/post/25199617463234
  8. https://givemebit.com/bybit-security-overhaul/
  9. https://happycoin.club/kriptobirzha-bybit-polnostyu-peresmotrela-sistemu-bezopasnosti-platformy/
  10. https://financefeeds.com/ru/Bybit-%D1%80%D0%B5%D0%B0%D0%B3%D0%B8%D1%80%D1%83%D0%B5%D1%82-%D0%BD%D0%B0-%D0%B2%D0%B7%D0%BB%D0%BE%D0%BC-%D0%B7%D0%B0%D0%BF%D0%B8%D1%81%D0%B5%D0%B9-%D1%82%D1%80%D0%B5%D1%85%D0%BA%D0%BE%D0%BC%D0%BF%D0%BE%D0%BD%D0%B5%D0%BD%D1%82%D0%BD%D0%BE%D0%B9-%D0%BF%D0%B5%D1%80%D0%B5%D1%81%D1%82%D1%80%D0%BE%D0%B9%D0%BA%D0%BE%D0%B9-%D0%B1%D0%B5%D0%B7%D0%BE%D0%BF%D0%B0%D1%81%D0%BD%D0%BE%D1%81%D1%82%D0%B8/