Bybit CEO: Vietnam’s world-class cybersecurity experts led $1.5B hack probe

By Luu Quy   March 13, 2025 | 11:28 pm PT
Bybit CEO Ben Zhou has praised Vietnamese cybersecurity firm Verichains for its crucial role in investigating the “largest crypto heist in history,” a US$1.5-billion hack targeting his cryptocurrency exchange.

"I think they may be the world's foremost experts on cyberattacks," Zhou told VnExpress following the attack, which resulted in the loss of 400,000 Ethereum (ETH).

"When I found out they were from Vietnam, I was truly surprised and impressed."

The group Zhou referred to is Verichains, a security firm composed of Vietnamese engineers renowned for their blockchain security expertise. On Feb. 21 hackers stole $1.5 billion worth of ETH from Bybit’s cold wallet.

That evening Thanh Nguyen, founder of Verichains, was preparing to go to bed when he learned about the incident. "I thought I had to do something, or a lot of people would be affected," he told VnExpress.

Bybit also contacted him for assistance. Without delay the Verichains team made arrangements to fly to Bybit’s headquarters in Dubai.

On Feb. 24 the Vietnamese engineers released a 28-page report, the earliest available analysis of the incident. According to Verichains’ findings, the issue originated from Safe, a multisignature wallet service used by Bybit.

Hackers, later identified as North Korea’s Lazarus Group, infiltrated Safe Wallet's system, injecting malicious JavaScript code to create a fraudulent transaction. When Bybit’s signers approved what appeared to be a routine transaction, they unknowingly enabled the hackers to seize the funds.

ByBit CEO, Ben Zhou. Photo from X


Two days later Safe confirmed the findings, stating that there were no security vulnerabilities within Bybit itself and that the exchange’s signers had followed proper security protocols.

Verichains, founded in 2017, has discovered and disclosed security flaws in a number of blockchain projects as well as multiparty computation-based digital asset wallets. The firm has provided cybersecurity solutions for over 200 global clients including the world’s largest crypto exchange, Binance.

Verichains is one of the few cybersecurity firms to have had a role in mitigating all the world's largest crypto hacks, including the $600 million Binance Smart Chain bridge hack and the $650 million Sky Mavis bridge hack by Ronin in 2022.

Zhou admits he had not heard of Verichains before but deeply appreciated the Vietnamese engineers’ swift response to the crisis. "They demonstrated extensive expertise in the field, and I believe they are one of the most professional teams in the industry."

Following the attack, Bybit announced plans to strengthen its security infrastructure and deepen collaboration with Verichains to reinforce its defenses.

Verichains found that using Safe's web-based interface poses inherent risks, and quickly developed a new tool that allows multi-signature transactions to be conducted through a standalone computer-based interface, bypassing the previous web-based process. The tool has since been made freely available to other projects to enhance security across the industry.

While the breach resulted from a third-party service provider, the incident highlighted the ever-present risks in the cryptocurrency sector, Zhou says.

"The way we approach security has changed after this. With the scale of assets under our custody and user supervision, we must adopt security standards equivalent to those of a bank."

Zhou has since assumed a direct role in overseeing security protocols and now receives weekly reports on Bybit’s cybersecurity status. The company is also working closely with top security experts, including Verichains, to prevent future breaches.

Industry experts said the hack did not impact Bybit users or disrupt the broader crypto market as transparency was maintained and withdrawals continued uninterrupted. Bybit reassured customers that user assets remain secure and backed 1:1. By Feb. 26 the exchange reported a trading volume exceeding $48 billion, with liquidity in multiple trading pairs improving beyond pre-attack levels.

"The attack was a wake-up call for the entire industry regarding security and risk management," a Bybit spokesperson said.

"It also presents an opportunity for Bybit and other firms to continuously enhance cybersecurity standards, ensuring preparedness against future threats."

 
 