Bybit & Infini: $1.5B Hack Shocks Crypto

Highlights

• Bybit: 400K ETH stolen ($1.5B); 447K ETH recovered; Lazarus Group suspected.
  
• Infini: $49.5M USDC lost; founder covering losses.
  
• Market (February 21st, 2025): ETH -3.8%, BTC -2.1%, Tornado Cash +8.5%.

Largest Crypto Theft in History

On February 21, 2025, Dubai-based Bybit suffered the largest crypto hack ever, losing 400,000 ETH (worth $1.5B) when attackers exploited its security protocols to drain an offline wallet.

Suspected to be orchestrated by North Korea’s Lazarus Group—infamous for high-profile heists, including the 2022 $620M Ronin Network theft—this incident prompted CEO Ben Zhou to reassure users that “your funds are safe.” Bybit, safeguarding $20B in client assets, launched a refund program to cover any unrecovered funds via its treasury or bridge loans.

In a rapid counter-response, collaborated teams took swift action by freezing 181K USDT, 34 ETH, 120K USDC + USDT, and more.

Later, the mETH Protocol recovered 15,000 cmETH (≈$43M), helping Bybit restore nearly 447,000 ETH (please check the table below).

Additionally, Bybit introduced a recovery bounty program, offering up to 10% of the recovered amount to assist in retrieving the stolen assets.

DeFi Attack Steals $49.5 Million

Days after, Infini Earn, a decentralized stablecoin bank, fell victim to a major breach. A compromised private key led to the loss of $49.5 million in USDC, as the attacker swapped USDC for DAI, purchased 17,696 ETH and transferred the funds to a new wallet. 

Blockchain analysts suspect an inside job since the hacker retained admin access after development ended. A PeckShield Alert further revealed that the engineers involved have been identified and a police report has been filed.

In response, co-founder Christian Li reassured stakeholders that his private key remains secure and liquidity is stable. He attributed the issue to an oversight during a previous transfer of authority, took full responsibility, and pledged to cover investor losses. 

Although withdrawals remain open—with personal funds facilitating transactions—financial operations have been paused to mitigate risks, and the remaining funds will be reinvested into Infini Vault to restore normal operations.

Market Impact

In the aftermath (22, February), market reactions were swift. Ethereum dropped 3.8%, USDC briefly de-pegged, Bitcoin fell by 2.1%, and Tornado Cash saw an 8.5% uptick as hackers exploited it for laundering. 

The latest data now indicates an even deeper market downturn, suggesting that the fallout from both the Bybit and Infini Earn hacks may be intensifying and further unsettling the crypto landscape.