Israeli cybersecurity firm Sygnia has successfully cracked the Bybit hack, uncovering the vulnerability that led to the $1.5 billion theft. The breach occurred on February 21, 2025, and involved unauthorized access to one of Bybit’s Ethereum (ETH) cold wallets.
The attack was executed when a threat actor manipulated an ETH multisig transaction facilitated through Safe{Wallet}, allowing them to gain control of the cold wallet and transfer its assets to an external address. Bybit engaged Sygnia to conduct a forensic investigation, determine the root cause of the breach, and implement security measures to prevent future incidents.
In response, Bybit engaged Sygnia to conduct a comprehensive forensic investigation. The primary objectives include identifying the root cause of the attack, assessing the extent of the compromise, and implementing measures to mitigate both immediate and long-term risks.
This discovery sheds light on critical security gaps in digital asset storage, emphasizing the need for enhanced safeguards in the crypto industry.
Sygnia’s forensic investigation revealed that the attack on Bybit originated from a vulnerability in Safe{Wallet}, a third-party crypto infrastructure provider, rather than Bybit’s own systems. The North Korean Lazarus Group, suspected to be responsible, compromised a Safe developer’s computer and injected malicious JavaScript. This allowed them to alter transaction details during signing, diverting funds undetected.
Ben Zhou, co-founder and CEO of Bybit, stated, “We have assigned a team to dedicate to maintain and update this website, we will not stop until Lazarus or bad actors in the industry is eliminated. In the future we will open it up to other victims of Lazarus as well.”
Founded in 2015, Sygnia works with companies to proactively build their cyber resilience and to respond to and defeat attacks within their networks. It is the trusted advisor and cyber security service provider of IT and security teams, senior management and boards of leading organizations worldwide, including Fortune 100 companies.
Sygnia was launched with the Team8 group, supported by leading investors and design partners, including Microsoft, Cisco, Qualcomm, Intel, Bessemer, Innovation Endeavors, and Temasek. Since October 2018, Sygnia has been a Team8 and a Temasek International company.
