Happy Sunday dispatchers!
Someone clicked a button. It looked perfectly normal.
The destination address was right. The interface was familiar.
Everything seemed fine. Until it wasn't.
$1.4 billion vanished in minutes.
This is a story about the biggest heist in crypto history.
It's also about something else entirely. Something unexpected. Something that wasn't supposed to happen in crypto.
Something that might just save it.
The most expensive mistake in crypto history started with a simple transaction approval.
And with it, we have a record-breaking hack story.
On February 21, 2025, someone at Bybit, the world's third-largest crypto exchange, clicked "confirm" on what looked like a routine transfer between the exchange's cold and warm wallets.
Something was off — the transaction interface had been carefully manipulated, displaying the correct destination address while secretly altering the underlying smart contract logic.
Within minutes, $1.4 billion in Ethereum and related tokens vanished.
A moment that would rewrite the industry's security playbook. The amount stolen was more than twice the size of the previous record holder, the $600 million Ronin Network exploit.
To put it in perspective, this single heist exceeded the total value of all crypto stolen in the entirety of 2023.
The Numbers Game
$1.4 billion in stolen assets
350,000 withdrawal requests processed in 10 hours
$5.3 billion total decline in assets (including withdrawals)
Over 99.9% of withdrawal requests successfully processed
The Immediate Impact
$2.5 billion plunge in total assets from the hack
Additional $2.8 billion in subsequent user withdrawals
Total reserves dropped to $5.7 billion
Bitcoin holdings fell by $1.6 billion
What happened next was even more remarkable.
Instead of freezing withdrawals — the standard crisis response in crypto — Bybit's CEO Ben Zhou made an unprecedented decision: keep the gates open. As panic spread and withdrawal requests flooded in, Zhou appeared on camera assuring users that their funds were safe.
"Bybit is solvent even if this hack loss is not recovered," he declared. "All of clients' assets are 1-to-1 backed, we can cover the loss."
It was a bold claim, especially as the exchange processed over 350,000 withdrawal requests in just 10 hours. Zhou wasn't bluffing.
As Bybit scrambled to maintain stability, blockchain sleuths were already uncovering an even more disturbing truth: the digital fingerprints pointed to a familiar and formidable adversary — North Korea's infamous Lazarus Group.
The same team that had orchestrated the Ronin Network hack, the DMM Bitcoin breach, and countless other crypto heists had just pulled off their masterpiece.
They did it by exploiting a vulnerability that security experts had been warning about for months.
"No one is prepared for the attack vector. This will happen again and again and again," MetaMask's lead security researcher Taylor Monahan had warned.
She was right. The Bybit hack wasn't just about the money — it exposed fundamental vulnerabilities in how even the most sophisticated crypto institutions handle transaction security.
The Lazarus Playbook
The Lazarus Group rewrote the rules of crypto exploitation.
The attack exploited one of crypto's fundamental security features: multisig wallets.
These were supposed to be the gold standard of security, requiring multiple approvers for any transaction. The Lazarus Group found a way to turn this strength into a weakness.
They managed to compromise the user interface of Safe, Bybit's multisig wallet provider, making malicious transactions appear legitimate to the exchange's signing authorities.
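As an added example (not from this newsletter, Safe or Bybit), the check below shows what independent validation of a multisig payload can look like: it compares the raw fields a signer is asked to approve against the stated intent instead of trusting what the interface renders. The field names follow the parameters of Safe's execTransaction (to, value, data, operation); the Intent and SafeTx classes, the allowlist and every address are hypothetical, constructed for illustration.

```python
from dataclasses import dataclass

CALL, DELEGATECALL = 0, 1                    # Safe's Enum.Operation values
ERC20_TRANSFER = bytes.fromhex("a9059cbb")   # selector of transfer(address,uint256)

@dataclass
class Intent:          # what the signer believes they are approving
    token: str         # ERC-20 contract the transfer should go through
    recipient: str
    amount: int

@dataclass
class SafeTx:          # raw fields actually sent to the signing device
    to: str
    value: int
    data: bytes
    operation: int

def transfer_calldata(recipient: str, amount: int) -> bytes:
    """ABI-encode transfer(recipient, amount): selector + two 32-byte words."""
    return ERC20_TRANSFER + bytes(12) + bytes.fromhex(recipient[2:]) + amount.to_bytes(32, "big")

def check(intent: Intent, tx: SafeTx, allowlist: set) -> list:
    """Return reasons to refuse signing; an empty list means payload matches intent."""
    problems = []
    if tx.operation != CALL:   # a delegatecall runs the target's code as the wallet itself
        problems.append("operation is not CALL")
    if tx.to.lower() != intent.token.lower():
        problems.append("target contract is not the intended token")
    if tx.value != 0:
        problems.append("unexpected ETH value")
    d = tx.data
    if len(d) != 68 or d[:4] != ERC20_TRANSFER or d[4:16] != bytes(12):
        problems.append("calldata is not a well-formed transfer()")
    else:
        if "0x" + d[16:36].hex() != intent.recipient.lower():
            problems.append("recipient differs from intent")
        if int.from_bytes(d[36:68], "big") != intent.amount:
            problems.append("amount differs from intent")
    if intent.recipient.lower() not in allowlist:
        problems.append("recipient not on allowlist")
    return problems

# Constructed sample values (not real addresses and not the real payload).
TOKEN, WARM, ROGUE = "0x" + "22" * 20, "0x" + "11" * 20, "0x" + "99" * 20
intent = Intent(TOKEN, WARM, 10**18)
honest = SafeTx(TOKEN, 0, transfer_calldata(WARM, 10**18), CALL)
# The calldata still names the expected recipient, so a view of that field alone looks normal.
deceptive = SafeTx(ROGUE, 0, transfer_calldata(WARM, 10**18), DELEGATECALL)

if __name__ == "__main__":
    print("honest:   ", check(intent, honest, {WARM}))
    print("deceptive:", check(intent, deceptive, {WARM}))
```

The check only helps if it runs on a machine that does not share the signing interface's code path, so that a tampered front-end cannot also tamper with the comparison.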
A Pattern of Sophistication
The hack shares an unsettling similarity with recent attacks on WazirX ($235 million) and Radiant Capital ($50 million). In each case, the attackers managed to circumvent security measures by reimplementing a version of each project's crypto wallet while maintaining an identical front-end appearance.
"You can't see it. It fucking fakes the goddamn frontend," warns Taylor Monahan.
Blockchain sleuth ZachXBT, who claimed Arkham Intelligence's 50,000 ARKM bounty for identifying the perpetrators, uncovered a complex web of transactions linking the Bybit hack to previous Lazarus operations.
The stolen funds were quickly split across 48 different wallets in an attempt to obscure their movement. The attackers made one crucial mistake — they reused wallet addresses connected to January's $85 million Phemex exploit.
This wasn't just opportunistic theft. It was part of a larger, more coordinated campaign by North Korean state-sponsored hackers who have turned crypto theft into a fine art. In 2024 alone, they've managed to steal over $1.34 billion across 47 incidents — a staggering 102% increase from 2023.
An Industry United
The crypto industry was showing unprecedented solidarity. Within hours, competing exchanges set aside their rivalries to help Bybit weather the storm.
Binance offered 50,000 ETH in emergency liquidity
Bitget transferred 40,000 ETH and blacklisted the hacker's wallets
Crypto.com deployed its cybersecurity team to assist
Tether froze 181,000 USDT linked to the attack
"Our team of security and researchers are currently tracking these activities," said Bitget CEO Gracy Chen, promising to share any findings to support the industry.
Bybit's independent proof-of-reserves auditor, Hacken, also weighed in: even after the hack and the massive withdrawals, it confirmed that Bybit's reserves still exceeded its liabilities.
The exchange had built such robust reserves that even crypto's largest theft couldn't break it.
"This makes it the largest crypto theft of all time, by some margin. In fact, it may even be the largest single theft of all time," noted Elliptic's Chief Scientist Tom Robinson.
The attack has raised serious questions about the security of Safe, the wallet provider used by many major crypto institutions. While Safe maintains that their "official front-end was not compromised," security researchers have uncovered some troubling details.
Researchers at Groom Lake discovered that identical transaction hashes appeared on both Ethereum and Base networks — something that should be mathematically impossible. This suggests the attackers may have found a way to exploit cross-chain vulnerabilities that no one had previously considered.
The Ripple Effects
The impact of the Bybit hack extends far beyond the stolen billions. It has fundamentally changed how the crypto industry thinks about security, centralisation, and the evolving threat landscape.
Ethereum's price dropped 8% within hours of the hack, dragging the broader crypto market down. It exposed vulnerabilities that many thought impossible in modern crypto infrastructure.

If there's a silver lining to this dark cloud, it's in Bybit's crisis management. CEO Ben Zhou's decision to keep withdrawals open — even as $5.7 billion in assets flowed out — was unprecedented in crypto history.
Even Binance's former CEO, Changpeng Zhao, who suggested halting withdrawals, had to acknowledge the effectiveness of Zhou's approach.
The North Korean Question
The confirmation of Lazarus Group's involvement raises uncomfortable questions about state-sponsored crypto theft. This wasn't just criminals seeking profit — it was North Korea funding its weapons programme through cryptocurrency heists.
Over the past year alone, North Korean hackers have been responsible for:
The $305 million DMM Bitcoin hack
The $230 million WazirX hack
The $50 million Radiant Capital hack
The $16 million Rain Management hack
Together with the Bybit heist, these attacks represent over 61% of all crypto stolen in 2024.
The hack has reignited the debate about centralised versus decentralised crypto storage. While centralised exchanges offer convenience, they also present concentrated targets for sophisticated attackers.
Token Dispatch View 🔍
The Bybit hack was a stress test that showed both crypto's vulnerabilities and its strengths.
First, the good news: The industry responded to its largest-ever crisis with remarkable maturity. Competitors became allies. Transparency trumped secrecy. An exchange faced a $1.4 billion loss without folding.
The bad news? North Korea's Lazarus Group just showed us their playbook is getting increasingly sophisticated. UI manipulation. Smart contract logic alterations. Cross-chain exploits. They're evolving faster than our defences.
Crypto is adapting. Cyvers' offchain transaction validation could block 99% of similar attacks. AI-powered detection systems are getting smarter. And real-time blockchain surveillance is becoming standard.
Yet technology alone won't save us.
The real innovation from this crisis isn't technical — it's social. When Bybit's competitors rushed to help, they showed that crypto has outgrown its everyone-for-themselves phase.
There's a certain irony here. An industry built on trustless systems just demonstrated that some trust — between exchanges, between competitors — might be exactly what it needs to survive.
Ben Zhou says the real work has just started. He's right. For once, the crypto industry isn't facing that work alone. The $1.4 billion lesson hurts. But seeing crypto's collective defense system kick in? That might just be priceless.
Token Dispatch is a daily crypto newsletter handpicked and crafted with love by human bots. You can find all about us here 🙌
Great article. Thank you very much for sharing. ♥️☀️☮️🌈🏁