# ByBitHacked.com

> Independent news hub covering the February 21, 2025 ByBit hack — the largest single crypto exchange theft in history — the ongoing Lazarus Group attribution and recovery effort, and ByBit's post-breach security posture. Curated by Dan Navarro (blog.domainerdan.com). Not affiliated with ByBit Ltd.

## About This Site

ByBitHacked.com is a tightly-scoped, independent news hub with one remit: track the Feb 21, 2025 ByBit breach, the $1.5 billion ETH theft attributed by the FBI to North Korea's Lazarus Group (TraderTraitor sub-unit), ByBit's crisis response, and the exchange's recovery. Every non-trivial factual claim is attributed to a public primary source — FBI IC3 advisories, ByBit's own disclosures, ZachXBT's on-chain threads, Hacken and other third-party audit reports, and corroborating mainstream crypto-press reporting. The site carries a disclosed ByBit affiliate link; the affiliate relationship does not influence editorial content.

## Key Pages

- **Home** — https://bybithacked.com/ — Hack & recovery hub. Answer capsule, full event timeline, crisis-response cards, security architecture, news grid, 12-question FAQ, editorial / about, exchange-failure comparison table.
- **About & Editorial Standards** — https://bybithacked.com/about.html — Curator identity (Dan Navarro, blog.domainerdan.com), editorial standards, sourcing summary, affiliate disclosure, corrections policy.
- **Methodology** — https://bybithacked.com/methodology.html — Five-step sourcing and fact-check process, primary-source table (FBI, ByBit, ZachXBT, Hacken, press), what we don't publish, affiliate-and-independence policy. Includes HowTo schema.
- **FAQ** — https://bybithacked.com/faq.html — Twelve-question FAQ mirroring the on-page version: what was the hack, how much was stolen, who hacked ByBit, when, how, did users lose money, is ByBit safe now, has ByBit recovered stolen funds, the $140M bounty, Proof of Reserves, why still operating, should I use ByBit.
- **Feb 21, 2025 — Full Hack Timeline** — https://bybithacked.com/news/hack-timeline-feb-21-2025.html — Minute-by-minute timeline of the Safe{Wallet} supply-chain compromise, the 401,000 ETH drain, CEO Ben Zhou's live X response, ZachXBT's same-day on-chain trace, and the FBI's Feb 26 TraderTraitor / Lazarus attribution.
- **Crisis Response Analysis** — https://bybithacked.com/news/bybit-crisis-response-analysis.html — Six-pillar analysis of why ByBit is the first billion-dollar-hacked exchange to survive without user losses, with a full Mt. Gox / FTX / Celsius / QuadrigaCX / Bitfinex comparison.

## Key Facts — The February 2025 ByBit Hack

- **Date:** February 21, 2025 (approximately 14:30 UTC).
- **Amount stolen:** approximately 401,000 ETH, valued at ~$1.5 billion at the time of the breach.
- **Largest crypto exchange theft ever recorded** — surpassing the 2022 Ronin Bridge hack ($625M) and the 2021 Poly Network incident ($611M).
- **Attack vector:** supply-chain compromise of the Safe{Wallet} multi-signature signing interface used by ByBit for cold storage operations. The underlying multi-sig cryptography was not broken — the UI presenting transactions to the signers was manipulated.
- **Attribution:** FBI Internet Crime Complaint Center (IC3) advisory, February 26, 2025 — TraderTraitor, a sub-unit of North Korea's Lazarus Group. ZachXBT published the first public on-chain attribution within hours of the attack on February 21.
- **User outcome:** ByBit honored 100% of withdrawal requests in the 48 hours following the breach, using its own reserves plus emergency bridge loans from industry partners. No user lost funds. No withdrawal freeze, gate, or delay.
- **CEO response:** Ben Zhou went live on X within hours of the breach, confirming the hack and pledging to honor all withdrawals. Setting a new bar for crisis transparency in crypto.
- **Recovery bounty:** ByBit launched a $140 million bounty program coordinated with blockchain-analytics firms and law-enforcement agencies.
- **Security overhaul:** rebuilt cold-wallet architecture with air-gapped signing and HSMs, enhanced multi-signature protocols, time-locked large transfers, suspension of Safe{Wallet} integration pending independent review, cryptographic code verification for third-party integrations, rolling third-party audits (Hacken and others).
- **Proof of Reserves:** real-time Merkle-tree Proof of Reserves live since April 2025, showing 1:1 asset backing across BTC, ETH, USDT, USDC.
- **Volume recovery:** approximately 92% of pre-hack 30-day average by June 2025; new user registrations exceeded pre-hack rates in key markets.

## Key Facts — Why ByBit Survived

Unlike every previous billion-dollar-scale exchange event (Mt. Gox, QuadrigaCX, FTX, Celsius), ByBit:
- Honored all withdrawals immediately (no freeze, no gate)
- Communicated from the CEO level within hours, not days
- Coordinated openly with on-chain investigators and law enforcement
- Rebuilt the compromised architecture rather than just changing policy
- Stood up verifiable Proof of Reserves as a credibility layer
- Continued operating as a solvent exchange through and beyond the breach

## Editorial

- **Curator / editor:** Dan Navarro — independent editor and domain investor. External authority link: https://blog.domainerdan.com/
- **Scope:** Feb 2025 ByBit breach and recovery. Adjacent crypto-security news covered only where directly relevant.
- **Update cadence:** Reviewed weekly during active developments; monthly during quiet periods.
- **Corrections:** Substantive factual corrections are logged openly on the affected page, with the `dateModified` field and the "last reviewed" stamp advanced.
- **Affiliate:** Disclosed ByBit affiliate link on the "Trade on ByBit" CTA (`rel="sponsored"`) and in the footer of every page. Editorial independence is preserved (see Methodology).

## Primary Sources

- FBI Internet Crime Complaint Center (IC3) — attribution advisory (Feb 26, 2025).
- ByBit corporate blog and CEO Ben Zhou's verified X account (post-incident disclosures, Feb 21, 2025 onwards).
- ZachXBT (on-chain investigator) public threads — first attribution Feb 21, 2025 evening UTC.
- Elliptic, TRM Labs, Chainalysis — independent blockchain-analytics attribution reports (Feb 22–25, 2025).
- Hacken — third-party audit reports on ByBit's post-hack architecture.
- CoinDesk, The Block, Decrypt, Cointelegraph — used to cross-check dates and quotes, not as primary sources in their own right.

## Contact

Corrections and primary-source pointers: reach the editor via https://blog.domainerdan.com/