On the night of February 21, Zhou, the chief executive of the cryptocurrency exchange Bybit, logged on to his computer to approve what seemed to be a routine transaction. His company was moving a large amount of Ether, a popular digital currency, from one account to another.
Thirty minutes later, Mr. Zhou received a phone call from Bybit's financial officer. In a shaking voice, the executive told Mr. Zhou that their system had been hacked.
“All the Ethereum has disappeared,” he said.
When Mr. Zhou approved the transaction, he had accidentally handed control of an account to hackers supported by the North Korean government, according to the FBI. They stole $1.5 billion in cryptocurrencies, the biggest robbery in the history of the industry.
To pull off the astonishing breach, the hackers exploited a simple flaw in Bybit's security: its reliance on a free software product. They penetrated Bybit by manipulating a publicly available system that the exchange used to protect hundreds of millions of dollars in customer deposits. For years, Bybit had relied on the storage software, developed by a technology supplier called Safe, even while other security companies sold more specialized tools for businesses.
The hack sent crypto markets into a free fall and undermined confidence in the industry at a crucial time. Under the crypto-friendly Trump administration, industry executives are lobbying for new American laws and regulations that would make it easier for people to pour their savings into digital currencies. On Friday, the White House is scheduled to host a “crypto summit” with President Trump and top officials.
Crypto security experts said they were troubled by what the robbery revealed about Bybit's security protocols. The losses were “fully preventable,” a security company wrote in an analysis of the breach, arguing that it “should not have happened.”
The Safe storage tool is widely used in the crypto industry. But it is better suited to crypto hobbyists than to exchanges handling billions in customer deposits, said Charles Guillemet, a director of Ledger, a French crypto security company that offers a storage system designed for companies.
“This really has to change,” he said. “It is not an acceptable situation in 2025.”
The hack left for 48 hours. The company oversees no less than $20 billion in customer deposits, but did not have enough Ether to cover the losses from the $1.5 billion robbery. Mr. Zhou, 38, raced to keep the company afloat by borrowing from other companies and drawing on business reserves to meet a surge in withdrawal requests. On social media he seemed surprisingly relaxed, announcing a few hours after the theft that his stress levels were “not too bad.”
As the crisis unfolded, the price of Bitcoin, a bellwether for the industry, fell 20 percent. It was the steepest decline since the 2022 failure of FTX, the exchange led by the disgraced mogul Sam Bankman-Fried.
In an interview this week, Mr. Zhou acknowledged that Bybit had had warning of potential problems with Safe. Three or four months before the hack, he said, the company noticed that the software was not fully compatible with one of its other security services.
“We should have upgraded and left Safe,” said Mr. Zhou. “We certainly want to do that now.”
Rahul Rumalla, the chief product officer of Safe, said in a statement that his team had built new security features to protect users and that Safe's products were “the treasury backbone for some of the largest organizations in the space.”
“Our task is not only to repair what happened,” said Mr. Rumalla, “but to ensure that the entire space learns, so this no longer happens.”
Bybit was founded in 2018 and operates as a crypto marketplace, where day traders and professional investors can convert their dollars or euros into Bitcoin and Ether. Many investors treat exchanges such as Bybit as informal banks, where they deposit crypto holdings for safekeeping.
According to some estimates, Bybit is the world's second-largest crypto exchange, processing tens of billions of dollars every day. Based in Dubai, it does not offer services to customers in the United States.
On February 21, Mr. Zhou was at home in Singapore, finishing up some work, he said in the interview.
But first he and two other executives had to sign off on a transfer of cryptocurrencies from one account to another. These routine transfers are supposed to be secure: no single person at Bybit can execute them, creating multiple layers of protection against thieves.
Behind the scenes, however, a group of hackers had already broken into Safe's system, according to Bybit's audit of the hack. They had compromised a computer belonging to a Safe developer, said a person with knowledge of the case, allowing them to plant malicious code to manipulate transactions.
A link sent via Safe invited Mr. Zhou to approve the transfer. It was a ruse. When he signed off, the hackers took control of the account and stole $1.5 billion in crypto.
The sudden outflows showed up on the blockchain, a public ledger of crypto transactions. Crypto analysts quickly identified the perpetrator as the Lazarus Group, a hacking syndicate supported by the North Korean government.
That night Mr. Zhou went to Bybit's Singapore office to manage the crisis. He announced the hack on social media and started a crisis protocol known as P-1, pressing a button to wake up every member of the leadership team.
Mr. Zhou went on a live stream on X and drank a Red Bull. He promised customers that Bybit was still solvent.
“Even if this hack loss is not restored, all assets of customers are supported 1 to 1,” he said in a post. “We can cover the loss.”
Those guarantees were not enough. Within a few hours, Mr. Zhou said, about half of the digital currencies on the platform, or almost $10 billion, had been withdrawn. The crypto market fell.
To limit the damage, other crypto companies offered to help. Gracy Chen, the chief executive of a rival exchange, Bitget, lent Bybit 40,000 Ether, or about $100 million, without asking for interest or even collateral.
“We never affected their assets to pay ourselves back,” said Mrs. Chen.
Between crisis meetings, Mr. Zhou gave a running commentary on X. He shared screenshots from a health app showing that his stress levels were surprisingly normal.
“Too focused with the orders of all meetings. Forgotten stress,” he wrote. “I think it will come soon if I will really understand the concept of losing $1.5 billion.”
After looting Bybit, the North Korean hackers distributed the stolen funds across a huge web of online crypto wallets, a money-laundering strategy that they had also used after another robbery.
“Lazarus Group is at a different level,” wrote Haseeb Qureshi, a venture investor, on X.
Security experts faulted Bybit for putting itself at risk. To authorize the routine transfer that led to the hack, Mr. Zhou said, he used a hardware device designed by Ledger, the crypto security company. The device was not in sync with Safe, he said, so he could not use it to check the full details of the transaction he was approving, always a risky practice in the crypto world.
“Safe just doesn't give you the types of checks you would like if you often start to do operational transfers,” said Riad Wahby, professor of computer technology at Carnegie Mellon University and co-founder of the digital security company Cubist.
Mr. Zhou said he wished he had taken action earlier to strengthen Bybit's defenses. “There is a lot of regret now,” he said. “I should have paid more attention to this area.”
Nevertheless, Bybit continued to operate after the hack, with all withdrawals processed within 12 hours, Mr. Zhou said. Not long after the breach, he announced on X that the company was moving another $3 billion in crypto.
“This is planned maneuver, FYI,” he wrote. “We were not hacked this time.”