
On February 21, 2025, Bybit lost roughly $1.5 billion in Ethereum in what became the largest cryptocurrency exchange hack on record. The attackers struck during a routine cold-to-hot transfer by manipulating the signing interface Bybit's operators trusted. Weeks later, the FBI attributed the theft to North Korea's Lazarus Group, the same crew behind the 2022 Ronin Bridge drain and the 2021 KuCoin breach.
If you've ever asked whether your exchange is safe, the Bybit hack is the answer we keep coming back to. Even the most operationally sharp centralized exchanges can lose customer funds at scale, and no amount of "cold storage" branding from a custodian removes that risk. The point we want you to leave with is simple: keys you don't control aren't yours.
Below, we walk through how the Bybit hack worked, why cold-storage wallets at centralized exchanges can still fail, how customer recovery played out, and what we'd take from the year-plus aftermath if we were holding crypto today.
How the hack worked
The attack came in three layers, and each one is worth understanding on its own.
The first layer was UI manipulation. Bybit's multi-signature operators relied on a signing interface to approve cold-to-hot transfers, and the attackers compromised that interface. When operators clicked through what looked like a routine transfer, the screen showed the correct destination address while the underlying transaction redirected the funds to wallets the attackers controlled.
The second layer was a supply-chain compromise. Forensic analysis from Chainalysis traced the breach to Safe{Wallet}, a third-party signing tool that Bybit's workflow depended on. The attackers didn't break Bybit's cryptography. They broke the human-machine interface where operators verified what they were signing.
The third layer was the exit. Once funds landed in attacker wallets, they moved through cross-chain bridges, mixers including Tornado Cash's various reincarnations, and over-the-counter desks. About $300 million ended up frozen or recovered. The remaining $1.2 billion is presumed gone for good.
This pattern matters because it shows that cold storage isn't bulletproof when the signing operation depends on software. The keys themselves were safe; the interface humans used to verify the signing target was not.
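One defensive check this failure points at, shown here as an added example that is not Bybit's, Safe{Wallet}'s or Ryder's code: decode the raw payload that will actually be signed, independently of the signing interface, and compare it with the intent the operator was shown. The ERC-20 `transfer` selector is the real one; the wallet addresses and amounts are constructed samples.

```python
# Added example: compare what a signing UI claims with what the payload really does.
# Selector is the genuine keccak256("transfer(address,uint256)")[:4]; addresses and
# amounts below are constructed for illustration.
from dataclasses import dataclass

ERC20_TRANSFER_SELECTOR = "a9059cbb"


@dataclass(frozen=True)
class RawTx:
    to: str      # address the chain will actually call or pay
    value: int   # wei attached to the call
    data: str    # hex calldata; "" for a plain ETH transfer


def decode_destination(tx: RawTx) -> tuple[str, int]:
    """Return (recipient, amount) the network will honour, ignoring any UI label."""
    data = tx.data.lower().removeprefix("0x")
    if data == "":
        return tx.to.lower(), tx.value  # plain ETH transfer: `to` is the recipient
    if data.startswith(ERC20_TRANSFER_SELECTOR) and len(data) == 8 + 64 + 64:
        recipient = "0x" + data[8 + 24 : 8 + 64]  # address is right-aligned in a 32-byte word
        amount = int(data[8 + 64 :], 16)
        return recipient, amount
    raise ValueError("unrecognised calldata: refuse to sign blind")


def check_against_ui(tx: RawTx, ui_recipient: str, ui_amount: int) -> list[str]:
    """List every way the payload to be signed differs from what the screen showed."""
    real_to, real_amount = decode_destination(tx)
    problems = []
    if real_to != ui_recipient.lower():
        problems.append(f"recipient mismatch: UI {ui_recipient} vs payload {real_to}")
    if real_amount != ui_amount:
        problems.append(f"amount mismatch: UI {ui_amount} vs payload {real_amount}")
    return problems


# Constructed sample: the interface shows a routine 1 ETH move to the hot wallet ...
HOT_WALLET = "0x" + "11" * 20
ATTACKER = "0x" + "22" * 20
honest_tx = RawTx(to=HOT_WALLET, value=10**18, data="")
tampered_tx = RawTx(to=ATTACKER, value=10**18, data="")  # ... but the payload pays elsewhere
# Same idea for a token transfer: calldata names the real recipient, not the UI label.
token_tx = RawTx(to="0x" + "33" * 20, value=0,
                 data="0xa9059cbb" + "00" * 12 + "22" * 20 + format(5 * 10**18, "064x"))

if __name__ == "__main__":
    print(check_against_ui(honest_tx, HOT_WALLET, 10**18))    # []
    print(check_against_ui(tampered_tx, HOT_WALLET, 10**18))  # one recipient mismatch
    print(decode_destination(token_tx))
```

The comparison only helps when it runs on a display the compromised interface cannot write to, which is the role a hardware wallet's own screen plays.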
Why customer funds were exposed
Customer holdings sat partly in the affected wallet. Bybit kept user assets across hot wallets (for daily trading), warm wallets (for routine transfers), and cold storage. The hot and warm tiers weren't directly compromised, yet the cold storage backing them was, which meant the chain of trust the exchange relied on had a weak link inside it.
Bybit covered the loss from company reserves and kept withdrawals open through the incident. Solvency held because the exchange had deep corporate reserves; a smaller venue with thinner books would've collapsed under a $1.5 billion hit. So the takeaway isn't that customers were in acute danger this time around. It's that the failure mode (cold storage compromise through a signing-tool supply chain) exists at every centralized exchange, and only exchanges with very deep reserves can absorb a loss of this size without passing it down.
What this changes for self-custody
The case for hardware wallets over exchanges hasn't shifted in over a decade. Bybit just gave us the most expensive recent demonstration.
A few things become clearer. First, "cold storage" at a centralized exchange isn't the same animal as cold storage in your hand. Both use the same term. The setup differs in almost every important way: an exchange's cold storage involves multi-party signing, periodic warm-wallet transfers, and operational workflows that create attack surface, while a hardware wallet's cold storage involves you, a device, and a button press.
Second, operational risk is the unaddressed risk. Most exchange audits focus on key management and wallet architecture. They rarely cover the signing tools, the human verification step, or the chain of software involved in moving funds between tiers. Bybit's loss happened in the exact gap audits don't reach.
Third, reserve quality matters more than reserve quantity. Bybit could absorb $1.5 billion because its reserves were real. Other exchanges (FTX, Celsius, Voyager) had reserve claims that fell apart under scrutiny when customers wanted their money back. The transparency Bybit showed after the hack is the standard we'd push you to demand from any exchange holding your funds.
What's at stake for a typical holder
Imagine a holder with $10,000 of Bitcoin sitting on an exchange when news of the Bybit hack breaks. The hack itself doesn't touch their balance directly, because Bybit ate the loss out of its own corporate reserves rather than passing it down. Their position is intact, at least this time around.
Now imagine the same $10,000 of Bitcoin on a hardware wallet. The Bybit hack doesn't reach them at all. Their keys never touched Bybit, and their position doesn't change based on which exchanges have which incidents.
The asymmetry runs deep. With self-custody, you don't track which exchange just got hacked, which custodian's audit lapsed, or which signing-tool supply chain has been compromised this week. The wallet either has the funds or doesn't, and you're the only one with the final say.
Where law enforcement landed
The FBI's attribution to Lazarus Group lines up with North Korean state-sponsored crypto theft going back to 2017. According to TRM Labs, North Korean actors have stolen more than $5 billion in crypto across multiple incidents, with recovery rates well under 10% because the funds move through laundering infrastructure faster than international agencies can coordinate.
For the 2025 Bybit incident, roughly $300 million was frozen across various intermediaries, mostly through coordinated action by Tether (which froze USDT inside laundering paths) and centralized exchanges that flagged attacker-linked addresses. The remaining $1.2 billion is still missing.
Where Ryder One fits
Ryder One holds your keys offline on an EAL6+ Infineon SLC38 secure element, with no exchange and no third-party signing tool in the chain. Every transaction lives on the device: you see the destination address on the 1.6-inch AMOLED touchscreen, you press a button wired directly into the secure element, and only then does anything get signed. NFC-only communication means the device never carries a USB or wireless data path that someone could exploit remotely.
A Bybit-style attack vector, which depends on hijacking a centralized signing workflow, can't reach a wallet you control directly. We built TapSafe Recovery to make sure the backup isn't a single point of failure either. The Recovery Tag holds 50% of the recovery secret, your paired phone holds the other 50% encrypted in iCloud or Google Drive (not on the phone itself), and you can optionally hand 25% to each of up to four Recovery Contacts. Lose your device or your tag, and you can still recover; lose your phone, and the cloud-backed share keeps you covered. Your BIP-39 seed phrase stays available on-device as a last resort, so you're never locked to our hardware. The Ryder One ships at $229 with a Recovery Tag, Qi wireless charger, and travel pouch in the box.
The bottom line
The February 2025 Bybit hack was the largest exchange theft in cryptocurrency history at $1.5 billion. The attackers exploited a signing-tool supply chain that bypassed Bybit's cold storage architecture without touching its cryptography. North Korea's Lazarus Group was the actor, the recovery was limited, and Bybit's corporate reserves (rather than its customers) absorbed the loss. For self-custody holders, the incident confirms what was already true at the structural level: keys you don't control aren't yours, and exchanges remain the highest-risk part of any crypto portfolio.
Past the reach of any exchange compromise. Ryder One holds your crypto offline on an EAL6+ secure element, with TapSafe Recovery as the backup. No signing-tool supply chain in the path.