Cryptocurrency exchange Bybit suffered a $1.4 billion hack in February 2025 that exposed structural weaknesses in custodial systems long considered industry standards, such as cold storage and multi-signature wallets.
At the time, the exploit was the largest known hack in cryptocurrency history, but that distinction was later eclipsed by findings that Chinese mining pool LuBian had lost $3.5 billion in 2020.
“The [Bybit] hack showed that cold storage and multisig labels are meaningless if the approval flow, transaction visibility or signatory environment may be manipulated,” said Ishai Shoham, head of product at crypto infrastructure company Utila. “After Bybit, custody architecture became a first-order risk issue rather than a back-office detail.”
The incident also prompted the Financial Action Task Force (FATF) to urge global regulators to address illicit finance risks in cryptocurrencies, while exchanges tightened transaction approval procedures and raised standards for detecting and responding to breaches.
Private key hacks are responsible for major losses in centralized services. Source: Chainalysis
What is the FATF and why does it matter?
The FATF is an intergovernmental body that sets standards to combat money laundering and terrorist financing. Its recommendations are not legally binding, but its members are expected to adhere to its standards. For non-members, inclusion on the FATF gray list could limit access to assistance and damage banking relationships.
In a June 2025 report, the FATF called the Bybit hack the largest crypto theft of all time. It warned that cross-chain activity, stablecoins and uneven global enforcement would increase the risks of illicit finance faster than existing controls could contain them.
The FATF called on jurisdictions to tighten licensing and assess the risks related to foreign exchanges. Source: FATF
“The case highlights persistent gaps within the travel rule and enforcement. Once funds flow into DeFi, it becomes difficult to stop layering and money laundering, especially as automation tools make these processes faster and easier,” Joshua Chu, asset recovery lawyer and co-chair of the Hong Kong Web3 Association, told Cointelegraph.
The FATF called on jurisdictions to speed up licensing, supervision and international coordination, calling the incident evidence that deficiencies in custody and transaction monitoring now pose systemic risks to the global financial system. Like the US Federal Bureau of Investigation and numerous security experts, the FATF linked the exploit to hackers with ties to North Korea.
Blockchain expert ZachXBT was the first to officially link Lazarus Group to the Bybit hack. Source: Arkham
“If you ask who was probably the most influential person in crypto in 2025, I’d say Kim Jong Un. Despite the political attention on crypto laws and standard alignment, the Bybit hack dominated the FATF report.”
Around the same time, Singapore tightened its licensing regime, requiring unlicensed crypto firms to either seek permits or exit the market. While Singapore grabbed many of the headlines, regulators in countries like Thailand and the Philippines conducted similar enforcement campaigns.
Custody security and money laundering assumptions fail
After the Bybit hack, the industry's understanding of both custody security and the illicit movement of funds changed.
Shoham said the breach made it clear that the primary vulnerabilities were not cryptographic in nature.
“Once funds leave a compromised wallet, attackers can atomize and reassemble value across chains faster than human response cycles,” he said.
“This shift modified the industry’s view from viewing mixers as a primary threat to recognizing that the decentralized routing infrastructure itself enables large-scale, automated theft.”
The Bybit hack also reignited a long-standing debate about cross-chain infrastructure and the responsibilities of decentralized protocols. As stolen funds moved across chains, attention once more turned to routing networks like THORChain and eXch, which were used by attackers to swap assets without relying on centralized intermediaries.
THORChain volume increased as Bybit hackers moved funds. Source: THORChain Explorer
Proponents of decentralized models argued that such protocols are neutral infrastructure that can operate without discretion or gatekeeping. Critics countered that their architecture makes them particularly attractive for laundering large amounts of stolen assets, especially when combined with automation and fragmented liquidity across chains.
Some swap services like eXch were shut down shortly after the hack.
Bybit sets new standards for crisis response
The Bybit hack led to a broader shift in the way the industry approaches both custody and compliance. As cross-chain movement accelerates and static controls fall short, exchanges and infrastructure providers are increasingly expected to apply governance at the level of transaction behavior rather than relying solely on address-based restrictions.
For Bybit, the $1.4 billion breach could have marked the beginning of an extended collapse. Given the size of the exchange, initial fears centered on the possibility of an FTX-like contagion, which could have triggered another industry-wide downturn just as markets were recovering.
Instead, the exchange's response set a different precedent. CEO Ben Zhou made public appearances throughout the incident and hosted livestreams to update users on recovery efforts. Instead of halting withdrawals, which is common in times of crisis, Bybit kept them open and sourced Ether from partner exchanges to meet immediate customer demand.
This approach has since influenced how other platforms prepare for and respond to serious breaches.
Freezing withdrawals is no longer the default response, and real-time communication has become a basic expectation. Despite the size of the hack, Bybit remains one of the largest exchanges in the world and is often ranked as the second-largest platform by daily trading volume.
