Bybit Suffers $1.5 Billion Crypto Heist, The Largest In History - 1

Image by Traxer, from Unsplash

Bybit Suffers $1.5 Billion Crypto Heist, The Largest In History

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Sarah Frazier Former Content Manager

Dubai-based cryptocurrency exchange Bybit has confirmed a staggering $1.5 billion loss due to a hacking attack, marking what could be the biggest theft in digital asset history.

In a Rush? Here are the Quick Facts!

  • Hackers targeted Bybit’s Ethereum cold wallet, stealing 400,000 Ethereum coins.
  • Ethereum’s value dropped nearly 4% following the theft.
  • Bybit offers a 10% bounty to recover the stolen funds.

The company assured users that their funds were safe, as it vowed to reimburse all affected customers.

Bybit’s co-founder and CEO, Ben Zhou, disclosed that the hackers targeted the platform’s Ethereum cold wallet—a more secure storage method compared to online “hot” wallets. Zhou confirmed that approximately 400,000 Ethereum coins were stolen and transferred to an unknown address, as reported by the Financial Times (FT).

“As far as we know this could be the largest hack in the history of our industry,” Zhou stated in a live-stream update.

The Guardian explains that the security breach occurred when Bybit was conducting a routine transfer of Ethereum from its cold wallet to a “warm” wallet, which manages daily trading transactions. Hackers exploited security controls to access the funds. Although the precise method remains unclear, an investigation is underway.

The massive theft shook the cryptocurrency market, causing Ethereum’s value to drop by nearly 4% on Friday before partially recovering, as reported by the BBC . The hack has reignited concerns over the security of digital asset platforms, a long-standing issue in the crypto industry.

Bybit has called upon the “brightest minds” in cybersecurity and crypto analytics to help track and recover the stolen funds. The company is offering a 10% bounty—potentially amounting to $140 million—to those who assist in retrieving the stolen assets, as reported by The Guardian..

Despite the incident, Zhou reassured customers that Bybit remains solvent, with $20 billion in assets under management. He also noted that the exchange had secured a bridge loan from partners to cover any unrecovered losses, as reported by The Guardian.

Zhou wrote on X:

Bybit is Solvent even if this hack loss is not recovered, all of clients assets are 1 to 1 backed, we can cover the loss. — Ben Zhou (@benbybit) February 21, 2025

However, the exchange faced a surge in withdrawal requests following the attack, receiving over 350,000 customer withdrawal orders, leading to delays in processing, as noted by The Guardian.

Bybit has reported the theft to authorities and is working with blockchain analysts to trace the stolen funds. The attack underscores ongoing vulnerabilities within the crypto sector, despite efforts to enhance security.

Hackers Hijack PayPal’s System To Send Convincing Scam Emails - 2

Image by Ivan Radic, from Unsplash

Hackers Hijack PayPal’s System To Send Convincing Scam Emails

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Sarah Frazier Former Content Manager

A recent scam is targeting PayPal users by sending fake emails that appear to come from PayPal’s official address, “service@paypal.com.”

In a Rush? Here are the Quick Facts!

  • Victims are tricked into calling a fake support number for account recovery.
  • Scammers use remote access software to steal personal and financial information.
  • PayPal is aware of the scam and working on prevention measures.

The most concerning part of this scam is that attackers are using legitimate PayPal emails. Since these messages are properly authenticated, they bypass security filters and spam protections, as noted by Forbes .

This makes it more likely that recipients will trust the email and follow the instructions, ultimately giving scammers access to their PayPal accounts.

New PayPal Phishing technique bypass all filters ? by u/prometheus_0day in Scams

The scam, first reported by Bleeping Computer , uses these emails to claim that a new shipping address has been added to an account and include a message about a supposed purchase, such as a MacBook M4 Max 1 TB priced at $1,098.95.

The email urges recipients to call a provided phone number if they did not authorize the change. The researchers explain that scammers exploit PayPal’s “gift address” feature, which allows users to add multiple shipping addresses to their accounts.

By inserting fraudulent messages into the address fields, they trigger legitimate confirmation emails from PayPal to their own email addresses.

These emails are then forwarded to a broader list of targets, making it appear as though PayPal is directly contacting them. Since these emails originate from PayPal’s servers, they often bypass spam filters and seem authentic to recipients.

The primary goal is to alarm recipients into believing their account has been compromised. The email prompts them to call a fake customer support number. When victims call, scammers posing as PayPal representatives instruct them to download software under the guise of resolving the issue.

This software grants the scammers remote access to the victim’s computer, enabling them to steal personal information, install malicious programs, or access financial accounts.

To safeguard against such scams, the researchers say that users should verify account changes by logging into their PayPal account directly through the official website or app rather than using contact details from suspicious emails.

Even if an email appears legitimate, links and attachments should not be opened unless their authenticity is confirmed.

The researchers explain that common red flags of phishing attempts include generic greetings like “Dear user,” urgent requests for immediate action, or notifications of unrecognized transactions.

Any suspicious communications should be forwarded to phishing@paypal.com before being deleted.

This security incident comes as PayPal faces increased scrutiny over its cybersecurity practices. In a separate case, the company was fined $2 million by New York’s Department of Financial Services for failing to prevent a data breach in late 2022.

The breach, which lasted seven weeks, exposed sensitive customer information, including Social Security numbers, due to PayPal’s failure to implement multifactor authentication and CAPTCHA.

The company has since strengthened its security measures by mandating multifactor authentication and enforcing stricter login protocols.

Bleeping Computer reports that PayPal has acknowledged the new scam issue and is reportedly working on measures to prevent such abuses of their system. In the meantime, users are advised to remain vigilant and proactive in protecting their accounts.