TLDR
- The Bybit security breach revealed critical flaws in cold storage and multisignature custody systems.
- FATF designated the $1.4 billion Bybit attack as the biggest cryptocurrency theft in history.
- Hackers from North Korea, associated with the Bybit incident, were a central focus of FATF’s 2025 findings.
- Bybit maintained withdrawal functionality, establishing a new benchmark for crisis management.
A February 2025 cyberattack on the cryptocurrency exchange Bybit, resulting in $1.4 billion in losses, transformed worldwide views on digital asset safety and regulatory focus. The incident, connected to North Korean hackers, served as a pivotal moment that positioned Kim Jong Un as the most impactful individual in crypto that year.
The Financial Action Task Force (FATF) identified the Bybit heist as the largest in the history of cryptocurrency, cautioning that cross-chain operations and stablecoins were increasing risks associated with illicit finance more rapidly than current frameworks could address.
Custody Systems Questioned After $1.4 Billion Theft
The exploit against Bybit showed that cold storage and multisignature wallets—previously regarded as the most secure solutions in the sector—were not infallible. Ishai Shoham, head of product at Utila, stated, “Cold storage and multisig labels are irrelevant if the authorization process or the environment of the signers can be compromised.”
In the aftermath of the breach, trading platforms began reassessing their internal custody approaches, placing greater emphasis on real-time transaction authorization and verification across multiple environments. The event also prompted discussion of moving beyond static, wallet-based security toward dynamic surveillance systems that can detect behavioral irregularities.
FATF Report Links Hack to North Korea
FATF’s June 2025 report formally recognized the Bybit event as the largest recorded cryptocurrency theft and associated it with state-sponsored hackers from North Korea. The report called on member nations to enhance licensing, oversight, and international cooperation.
“This incident underscores continuing deficiencies in the Travel Rule and its enforcement,” remarked Joshua Chu, co-chair of the Hong Kong Web3 Association. He further noted that automation and decentralized finance had sped up money laundering to a pace exceeding human intervention.
FATF stressed that these security weaknesses had grown into systemic threats to the international financial architecture. Consequently, jurisdictions including Singapore, Thailand, and the Philippines implemented more stringent licensing criteria for exchanges.
Cross-Chain Movement and Laundering Risks
The attack illustrated the speed at which criminals could transfer stolen funds across decentralized networks. Shoham pointed out that once assets are moved from a breached wallet, “attackers can break down and reassemble value across different blockchains faster than human-led response mechanisms can react.”
This development altered the understanding of money laundering threats. Although mixing services were traditionally seen as the primary concern, attention shifted to decentralized routing protocols such as THORChain and eXch. The attackers utilized both networks to exchange assets, taking advantage of the neutral nature of cross-chain liquidity pathways.
Bybit Sets New Benchmark for Crisis Management
Bybit’s handling of the massive breach received widespread acclaim. The company’s CEO, Ben Zhou, ensured transparency by providing frequent updates via live streams. Contrary to the typical response of suspending withdrawals, the exchange continued to process them and secured Ether from allied exchanges to uphold user trust.
This strategy has since been adopted as a model for incident response by leading platforms. The episode signaled a move towards sustaining operations and clear communication during emergencies, as opposed to completely shutting down services.
Bybit’s robust response, combined with the FATF’s international spotlight on the hack, increased Kim Jong Un’s indirect sway over the cryptocurrency industry. The attack’s magnitude, complexity, and consequences led to a restructuring of international regulations, technical security standards, and crisis management protocols for exchanges.