About ByBitHacked.com
ByBitHacked.com is an independent news hub with a single, narrow remit: track the February 2025 ByBit breach, its aftermath, and the exchange's recovery — accurately, transparently, and without corporate spin.
What this site is
ByBitHacked.com covers the February 21, 2025 ByBit hack — the largest crypto exchange theft in recorded history — the ongoing Lazarus Group attribution and recovery effort, and ByBit's post-breach security posture. We publish a living timeline, a crisis-response analysis, a security-architecture breakdown, weekly-updated news cards, and a twelve-question FAQ, with every factual claim traceable to a named public source.
Who curates it
This site is curated by Dan Navarro, an independent editor and domain investor. Dan curates related crypto-security and markets coverage at blog.domainerdan.com. Editorial direction, source selection, and factual review are handled by a single human — no ghost "team" voice, no AI-generated opinion pieces. If a page contains an error, Dan is the person responsible for correcting it.
Editorial standards
Every non-trivial factual claim is attributed to a public, verifiable source. We distinguish between confirmed facts (on-chain data, FBI attribution, audited reserves), ByBit's own public statements (clearly labelled as such), and analysis (our own or that of named on-chain investigators). Where numbers have changed over time — e.g. recovery rates, bounty payouts — we update the figure on-page and revise the "last reviewed" date at the top and bottom of each page. Corrections are made openly, not silently.
We do not publish anonymous insider tips, private DMs, or speculation presented as fact. We do not run sponsored posts, paid placements, or "from our partners" native-advertising content. Every commercial CTA on this site is a transparent affiliate link to ByBit, disclosed on the button and in the footer.
How we source
Our primary sources are:
- FBI public attribution statement (IC3 advisory, February 26, 2025) naming TraderTraitor / Lazarus Group.
- ByBit's official post-incident disclosures — CEO Ben Zhou's live X threads, the ByBit corporate blog, and the company's Proof of Reserves portal.
- ZachXBT's on-chain forensic threads and address labelling for the stolen ETH flows.
- Hacken and other third-party security audit reports on ByBit's post-hack architecture.
- Mainstream crypto-press reporting — CoinDesk, The Block, Decrypt, Cointelegraph — used to cross-check and date-stamp events.
See Methodology for a deeper walkthrough of our sourcing and fact-check process.
Affiliate disclosure
ByBitHacked.com uses a ByBit affiliate link for the "Trade on ByBit" call-to-action buttons. If you click through and open an account, this site may earn a commission at no additional cost to you. This is disclosed in plain English on the CTA itself (rel="sponsored"), in the footer of every page, and here.
The presence of an affiliate arrangement does not influence editorial content. This site would cover the Feb 2025 hack and ByBit's recovery in the same factual terms — including the criticisms — whether or not the affiliate programme existed. We reserve the right to drop the affiliate arrangement entirely if we judge that ByBit's security posture, solvency, or conduct has materially deteriorated.
What this site is not
This site is not affiliated with ByBit Ltd, its executives, or any of its entities. We are not a ByBit PR channel, a customer-support surface, or an official communication of the exchange. For ByBit account issues, use ByBit's official help centre. This site does not provide financial, investment, legal, or tax advice — crypto trading involves substantial risk of loss and you should only trade what you can afford to lose.
Corrections & contact
Spot a factual error? Have a primary source we've missed? Please reach the editor via blog.domainerdan.com. Substantive corrections are made within 24–48 hours and logged on the affected page.