In February 2025, the cryptocurrency world was rocked by yet another major hack—this time targeting Bybit, one of the largest crypto exchanges. The attackers, later identified as North Korea’s infamous Lazarus Group, siphoned off approximately $1.5 billion in digital assets using a sophisticated phishing scheme.
When I first heard about it, I felt a familiar pit in my stomach. This wasn’t just another headline to me—I’ve lived this nightmare firsthand. My book, UNDERMINED, details my own experience of losing a fortune in crypto to cybercriminals. As I read about the Bybit attack, the eerie similarities to my own story sent me back to the day I watched my life savings disappear.
The Bybit Hack: A Breakdown
On February 21, 2025, Bybit’s CEO, Ben Zhou, initiated what should have been a routine transfer of 40,000 Ethereum (ETH). But something was off. Unbeknownst to him, hackers had infiltrated the system, deploying an advanced phishing scheme that perfectly mimicked the exchange’s interface. In mere moments, 401,000 ETH—worth roughly $1.5 billion—was gone.
As an early crypto investor and miner, I know how devastating a loss like this can be. The FBI later confirmed that the Lazarus Group was behind it, the same North Korean-backed hackers responsible for numerous cyber heists. Their operation, dubbed “TraderTraitor,” once again proved how vulnerable the crypto industry remains, even after years of hard lessons.
How This Mirrors My Own Experience
Reading about Bybit’s breach, I couldn’t help but reflect on my own ordeal. In UNDERMINED, I recount how I fell victim to a sophisticated attack that drained my accounts of over 500 Bitcoin and other assets, amounting to a staggering loss of $31.5 million.
The method was different, but the result was the same—financial devastation and an uphill battle to seek justice. Just as Bybit’s security measures were outmatched, I, too, found myself caught off guard by the sheer complexity and precision of the attack against me. My hacker exploited vulnerabilities in my mobile carrier’s security, intercepting my SMS verification codes and gaining access to my exchange accounts and email account. In a matter of minutes, everything I had built was gone.
Lessons We Can Take from These Attacks
Bybit’s attack and my own experience highlight the same painful truth: crypto remains a prime target for cybercriminals, and exchanges, investors, and even the most security-conscious individuals are never 100% safe.
Here are some critical takeaways from both of our experiences:
- Hackers Are Always Evolving: Whether through phishing, SIM-swapping, or social engineering, cybercriminals continue to develop new methods to bypass security measures.
- Exchanges Are Not Impenetrable: No matter how large or reputable an exchange is, it is still vulnerable. Decentralization and self-custody may offer better security, but even those come with risks.
- Security Needs to Be Personal: Whether you’re an individual investor or running a billion-dollar exchange, your security setup is your last line of defense. Multi-factor authentication, hardware wallets, and avoiding SMS-based verification can help mitigate risks.
A Call for Change
If there’s one thing I’ve learned from both my own loss and major hacks like Bybit’s, it’s that the crypto industry has to do better. Exchanges need to implement stronger security protocols, and users need to take extra precautions to protect their assets. Because when you’ve lived through a loss like this, you know how devastating it is. It’s not just money—it’s your future, your security, and in some cases, your entire life’s work.
The Bybit hack serves as another grim reminder of what I wrote about in UNDERMINED—in crypto, trust is a fragile thing, and if you’re not proactive, you can lose everything in an instant.