Biggest theft in history: Bybit used freeware and became a victim as a result
Insecure freeware enabled the attackers to steal billions from Bybit. The problems had been known for a long time.
The Bybit thieves captured ether. Its price has since plummeted, as has been the case with many coins.
An investigation reveals something new in the Bybit case: the biggest theft in history was made possible because the company relied on insecure freeware. "Safe" is the name of the application in question, which is otherwise used for amateur crypto transactions. Bybit used it to move cryptocurrency worth 1.5 billion US dollars. Those responsible were apparently aware of how risky this was.
The New York Times is now reporting new details on the case from February 21, in which cyber criminals managed to siphon off a huge sum of the cryptocurrency Ethereum (Ether). The crypto exchange Bybit wanted to routinely transfer the Ether from one of its storage wallets to another, but the criminals siphoned it all off. The FBI accuses a group from North Korea of the crime.
Bybit CEO sank billions in assets
Bybit CEO Ben Zhou approved the transaction himself beforehand, unknowingly giving the attackers control of the ether. According to the New York Times, "Safe" was the key vulnerability. The widely used freeware for crypto wallets can be used by anyone and is popular with amateur traders. According to the Times, this did not stop Bybit from using it to move billions in assets back and forth. The cybercriminals managed to manipulate Safe in such a way that they were able to seize the transferred ether.
Particularly annoying for Bybit: according to experts, better systems designed for users making large transactions have long been available. Instead, the robbed crypto exchange continued to rely on "Safe" for years. Many security experts therefore believe that the incident could have been avoided. "In 2025, something like this is completely unacceptable," Charles Guillemet from crypto security consultancy Ledger told the New York Times. Such conditions urgently need to change.
"Should have switched to a better system"
Zhou also shared his 1.5 billion US dollar insight with the newspaper: "We should have switched to a better system and moved away from Safe." Meanwhile, the loot from what is probably the biggest theft in history has now been exchanged for Bitcoin many times over.
Rahul Rumalla, one of the people responsible at Safe, emphasizes in the report that his team has since implemented new protection functions. He sees Safe as the backbone of the world's leading organizations in the crypto sector. "Our job is not to make amends for the incident, but to ensure that the industry learns from it," the New York Times quotes him as saying.
After the Bybit disaster, prices across the industry plummeted: Bitcoin and other cryptocurrencies fell by up to 20 percent. Bitcoin fell from 110,000 US dollars to 80,000 US dollars, and even US President Trump's announcement of a national crypto reserve did not bring any recovery.
(nen)