
exploit

Bybit cold wallet drained for ~$1.5B; Lazarus signatures on-chain

Bybit's primary ETH cold wallet lost about 401,000 ETH on Feb 21, 2025 via a Safe{Wallet} UI manipulation. Arkham and the FBI attribute the attack to Lazarus.


Bybit's primary Ethereum cold wallet was drained on February 21, 2025 of roughly 401,000 ETH and ETH-pegged assets (stETH, mETH, cmETH) — about $1.46B at the time of the transfer, the largest single crypto exploit on record. CEO Ben Zhou confirmed the loss within hours and said Bybit's reserves cover the gap. Arkham Intelligence and on-chain investigator ZachXBT tied the funds to Lazarus Group; the FBI's IC3 advisory on February 26 made the attribution official under the "TraderTraitor" cluster.

What happened

The attacker did not break Bybit's signing setup directly. They corrupted what the signers saw. A scheduled transfer from Bybit's primary ETH multisig cold wallet to a warm wallet was prepared on Safe{Wallet}. The hardware-wallet operators reviewed the transaction in the Safe{Wallet} UI, which showed a routine transfer, and signed it. The transaction that actually hit the chain replaced the multisig's implementation contract via delegatecall, after which the new implementation moved the wallet's full balance to attacker-controlled addresses.

Funds were then split across hundreds of intermediate addresses and pushed into ETH-to-BTC swaps and cross-chain bridges over the following 48 hours — the same laundering pattern previously seen on Ronin (March 2022, $625M) and Atomic Wallet (June 2023).

Mechanism — the Safe{Wallet} supply-chain step

Safe published a post-mortem on March 6, 2025. The relevant chain of events:

  1. A developer machine at Safe with privileged access to the Safe{Wallet} frontend pipeline was compromised, reportedly via a social-engineering vector tied to a fake job interview — a Lazarus signature.
  2. The attacker used those credentials to push a targeted JavaScript payload to the Safe{Wallet} frontend assets served from AWS S3.
  3. The payload was scoped: it activated only for the specific Bybit cold-wallet address. For every other Safe user, the UI behaved normally.
  4. When Bybit signers loaded the UI, the payload swapped the on-screen transaction details so signers reviewed a benign transfer while their hardware wallets signed a delegatecall to a malicious implementation.

The hardware wallets themselves were not bypassed. They signed exactly the payload the compromised UI handed them, which was not the transaction the UI displayed.
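The signer-side check that would have caught the swap is to decode the raw execTransaction calldata independently of the web UI (from the hardware wallet's raw-data view or an independent RPC node) and compare it with the transfer the signer intended. The following is an added example, not Safe's own code or anything from the Safe post-mortem: it ABI-encodes and decodes Safe's `execTransaction(address to, uint256 value, bytes data, uint8 operation, ...)` and refuses anything that is a DELEGATECALL, goes to an unlisted destination, or differs from the displayed transaction. The selectors `0x6a761202` (execTransaction) and `0xa9059cbb` (ERC-20 transfer) are the real ones; every address, allowlist and transaction below is constructed sample data, and the function names are the example's own.

```python
"""Signer-side decoding of a Safe execTransaction payload.

Added example, not Safe's own code. It reads the raw calldata a signer can
obtain independently of the web UI and checks it against the transfer the
signer intended. Selectors 0x6a761202 (execTransaction) and 0xa9059cbb
(ERC-20 transfer) are real; every address and transaction below is
constructed sample data.
"""
from dataclasses import dataclass

EXEC_TRANSACTION_SELECTOR = bytes.fromhex("6a761202")
ERC20_TRANSFER_SELECTOR = bytes.fromhex("a9059cbb")
CALL, DELEGATECALL = 0, 1

# Constructed addresses (placeholders, not real wallets or contracts).
WARM_WALLET = "0x" + "11" * 20
UNKNOWN_CONTRACT = "0x" + "22" * 20
ZERO_ADDRESS = "0x" + "00" * 20
ALLOWED_DESTINATIONS = {WARM_WALLET}


@dataclass(frozen=True)
class SafeTx:
    """The execTransaction fields that determine what the Safe will do."""
    to: str
    value: int          # wei
    data: bytes         # inner calldata forwarded to `to`
    operation: int      # 0 = CALL, 1 = DELEGATECALL
    safe_tx_gas: int = 0
    base_gas: int = 0
    gas_price: int = 0
    gas_token: str = ZERO_ADDRESS
    refund_receiver: str = ZERO_ADDRESS


def _word(n: int) -> bytes:
    return n.to_bytes(32, "big")


def _addr_word(addr: str) -> bytes:
    return bytes.fromhex(addr[2:]).rjust(32, b"\0")


def _pad32(b: bytes) -> bytes:
    return b + b"\0" * (-len(b) % 32)


def encode_exec_transaction(tx: SafeTx, signatures: bytes = b"") -> bytes:
    """ABI-encode execTransaction(...) the way a Safe front-end builds it."""
    data_offset = 10 * 32                       # ten static head words
    sig_offset = data_offset + 32 + len(_pad32(tx.data))
    head = (_addr_word(tx.to) + _word(tx.value) + _word(data_offset)
            + _word(tx.operation) + _word(tx.safe_tx_gas) + _word(tx.base_gas)
            + _word(tx.gas_price) + _addr_word(tx.gas_token)
            + _addr_word(tx.refund_receiver) + _word(sig_offset))
    tail = (_word(len(tx.data)) + _pad32(tx.data)
            + _word(len(signatures)) + _pad32(signatures))
    return EXEC_TRANSACTION_SELECTOR + head + tail


def decode_exec_transaction(calldata: bytes) -> SafeTx:
    """Parse the head words and the dynamic `data` argument back into a SafeTx."""
    if calldata[:4] != EXEC_TRANSACTION_SELECTOR:
        raise ValueError("not a Safe execTransaction call")
    body = calldata[4:]

    def word(i: int) -> bytes:
        return body[32 * i:32 * (i + 1)]

    def uint(i: int) -> int:
        return int.from_bytes(word(i), "big")

    def addr(i: int) -> str:
        return "0x" + word(i)[12:].hex()

    data_off = uint(2)
    data_len = int.from_bytes(body[data_off:data_off + 32], "big")
    data = body[data_off + 32:data_off + 32 + data_len]
    return SafeTx(addr(0), uint(1), data, uint(3), uint(4), uint(5), uint(6), addr(7), addr(8))


def review(calldata: bytes, intended: SafeTx, allowed: set[str] = ALLOWED_DESTINATIONS) -> list[str]:
    """Reasons to refuse signing; an empty list means the payload matches intent."""
    actual = decode_exec_transaction(calldata)
    findings = []
    if actual.operation == DELEGATECALL:
        findings.append("operation=1 (DELEGATECALL): foreign code would run against the Safe's own storage")
    if actual.to.lower() not in {a.lower() for a in allowed}:
        findings.append(f"destination {actual.to} is not on the allowlist")
    if actual.data and actual.data[:4] != ERC20_TRANSFER_SELECTOR:
        findings.append(f"unexpected inner selector 0x{actual.data[:4].hex()}")
    if actual != intended:
        findings.append("decoded payload differs from the transaction shown to the signer")
    return findings


# Constructed: the routine warm-wallet top-up the signer meant to approve.
BENIGN_TX = SafeTx(to=WARM_WALLET, value=10**18, data=b"", operation=CALL)
# Constructed: a swapped payload whose inner selector looks like an ERC-20
# transfer but which is executed as a DELEGATECALL into an unknown contract.
MALICIOUS_TX = SafeTx(
    to=UNKNOWN_CONTRACT, value=0,
    data=ERC20_TRANSFER_SELECTOR + _addr_word(UNKNOWN_CONTRACT) + _word(0),
    operation=DELEGATECALL,
)

if __name__ == "__main__":
    print("benign: ", review(encode_exec_transaction(BENIGN_TX), BENIGN_TX) or "OK to sign")
    print("swapped:", review(encode_exec_transaction(MALICIOUS_TX), BENIGN_TX))
```

The point of the `operation` check is that the inner selector alone is not enough: a DELEGATECALL with an innocent-looking ERC-20 `transfer` selector still runs the destination's code with the Safe's storage, which is exactly the primitive that lets an implementation pointer be overwritten. A signer who compares the decoded fields with what the UI shows, rather than only the selector, catches the swap regardless of what the front-end renders.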

Impact

  • Bybit absorbed the loss from its reserves and a syndicate of bridge loans from other exchanges. Withdrawals stayed open throughout.
  • Safe took the frontend offline for several hours, rotated infrastructure credentials, and rolled out a hardened build with stricter content-integrity checks on signed payloads.
  • Hardware-wallet vendors (Ledger, Trezor) used the incident to push the case for full transaction simulation and "clear signing" of complex calldata — not just the function selector.
  • Several CEXes paused or reviewed their use of Safe{Wallet} as a custody front-end, with some moving signing flows to in-house tooling.

What to watch

  1. The funds: a large fraction has already moved through THORChain, eXch and various bridges. Recovery is unlikely; the question is how much surfaces at compliant venues over the next 12–18 months.
  2. Safe{Wallet} hardening: whether the new frontend integrity scheme survives independent audits, and whether competing front-ends (Den, Multis, OneKey) gain market share from cold-wallet operators.
  3. Hardware-wallet clear-signing: how quickly Ledger, Trezor and Keystone ship full decoding of Safe transactions on-device — without it, the next supply-chain attack on any signing UI has the same primitive available.

Context

The Bybit incident is not a smart-contract bug. The contracts behaved as written. The exploit lived entirely in the path between signer intent and signed payload — the same class of attack as the Radiant Capital exploit (October 2024, $50M) and the WazirX hack (July 2024, $230M), both also attributed to North Korean threat actors and both also turning on signers approving a delegatecall they could not read.

For operators: the lesson is that a multisig signed on a corrupted UI is no harder for an attacker than a single private key. The signing surface — frontend, transaction renderer, hardware-wallet display — is the soft target now.
