Gautham Santhosh

The Bybit Hack: Largest Crypto Heist in History

February 21, 2025

On February 21, 2025, the crypto industry witnessed its single largest hack in history. Over $1.46 billion was stolen from Bybit in one attack. To put that number in perspective, this single heist represents roughly 16% of all the value stolen in every previous crypto hack combined. That is not a typo. One attack equaled about a sixth of everything that came before it across the entire history of the industry.

The attack targeted Bybit's cold wallet infrastructure, which is supposed to be the most secure part of any exchange's architecture. Cold wallets are kept offline specifically to prevent exactly this kind of theft. The attacker managed to compromise the signing process during a routine transfer from Bybit's cold wallet to a warm wallet. By manipulating the transaction payload that the signers approved, the attacker redirected the funds to their own addresses. The signers believed they were approving a legitimate internal transfer, but the underlying transaction had been altered. It was a sophisticated supply chain attack on the signing infrastructure itself.

What struck me most about this incident was how it exposed a fundamental vulnerability in the way centralized exchanges manage custody. Multi-signature wallets are only as secure as the environment in which signatures are produced. If an attacker can compromise the interface that presents transactions to signers, it does not matter how many signatures you require -- every signer will approve what looks like a legitimate transaction. This is a UI-layer attack against a cryptographic security model, and it is devastatingly effective.

The industry response was swift. Other exchanges, including Binance and Bitget, offered support. Bybit's CEO Ben Zhou communicated transparently throughout the crisis, confirming that customer withdrawals would be honored and that the exchange remained solvent. To their credit, Bybit processed over 350,000 withdrawal requests in the hours following the hack without pausing withdrawals -- a move that helped prevent a broader crisis of confidence. But the fact remains that $1.46 billion was stolen, and the vast majority of it is unlikely to be recovered.

For those of us building in the derivatives space, the Bybit hack is a stark reminder of why custody architecture matters so much. At Polynomial, we have always believed that the long-term future of trading infrastructure is non-custodial. When users maintain control of their own keys and interact with protocols through smart contracts, the attack surface for this kind of catastrophic theft simply does not exist. You cannot steal $1.46 billion from a cold wallet if there is no cold wallet holding $1.46 billion. The tradeoff is complexity and user experience, but incidents like this make the case that the tradeoff is worth it.

The Bybit hack should serve as a watershed moment for the industry. We have spent years building increasingly sophisticated DeFi protocols that eliminate custodial risk, and the largest hack in crypto history just demonstrated exactly why that work matters. The question is not whether centralized exchange hacks will continue to happen -- they will. The question is how quickly the industry migrates to infrastructure where they cannot.

Read the full thread on X