A major Ethereum security attack on ByBit shook the industry when it became clear that the same perpetrator had stolen assets from the crypto exchange. The hacker swept $1.4 billion from Bybit as well as $69 million from Phemex through a single Ethereum wallet identified as 0x33d0…8F65. The recent theft of stolen assets has given forensic experts an urgent need to track down funds while underscoring exchange security concerns for the cryptocurrency market.
Bybit’s $1.4 Billion Breach: A Sophisticated Attack
The Bybit multi-signature (multi-sig) Ethereum cold wallet experienced a sophisticated cyber breach on February 21st, 2025. By manipulating Bybit’s signing system, an attacker executed fraudulent transactions, which resulted in a withdrawal of 401,346 ETH worth $1.13 billion at that time. Stolen assets were fast forwarded to a wallet with an unknown owner, which then dispersed them through various addresses.
Phemex Hack: $69M Drained and Linked to Same Wallet
The digital asset breach of Bybit was followed by Phemex being hit by unauthorized withdrawals totaling $69 million in January. The funds stolen from Bybit and Phemex were sent to Ethereum address 0x33d0…8F65.
Lookonchain tracked blockchain transactions showing ETH from both exchanges routed into new wallets for possible liquidation purposes. The movement of funds appears to be a deliberate strategy to move capital in a way that would evade widespread detection.
Are North Korean Hackers Behind This?
Blockchain detective ZachXBT believes Lazarus Group, the North Korean cybercrime outfit, is carrying out these attacks based on his investigation. Lazarus Group maintains a notorious record of carrying out large-scale cyberattacks, including the Ronin Bridge hack, which caused Harmony a $600M loss, and the Horizon Bridge hack, which cost Harmony $100M.
What’s Next?
The ongoing investigation by blockchain forensic teams allows authorities to prevent the hacker from accessing all stolen funds. Exchange platforms Bybit and Phemex will update their users on ongoing investigation developments. This incident explicitly demonstrates the immediate need for improved security protocols to protect crypto exchange platforms through better smart contracts and multiple authentication mechanisms.
