How Crypto Exchange Bybit Lost $1.5 Billion to North Korean Hackers

On the night of Feb. 21, Ben Zhou, the chief executive of the cryptocurrency exchange Bybit, logged on to his computer to approve what seemed to be a routine transaction. His company was moving a large amount of Ether, a popular digital currency, from one account to another.
Thirty minutes later, Mr. Zhou got a call from the company's chief financial officer. In a trembling voice, the executive told Mr. Zhou that their system had been hacked.
“All Ethereum disappeared,” he said.
When Mr. Zhou approved the transaction, he inadvertently handed control of the account to hackers supported by the North Korean government, according to the FBI. They stole $1.5 billion in cryptocurrency, the largest theft in the history of the industry.
To pull off the stunning breach, the hackers exploited a simple flaw in Bybit’s security: its reliance on a free software product. They broke in by manipulating a publicly available system that the exchange used to protect hundreds of millions of dollars in customer deposits. For years, Bybit had relied on the storage software, which was developed by a technology provider called Safe, even as other security companies sold specialized tools for companies.
The hack sent crypto markets into free fall and undermined confidence in the industry at a crucial time. Under the crypto-friendly Trump administration, industry executives are lobbying for new American laws and regulations that would make it easier for people to put their savings into digital currencies. On Friday, the White House is scheduled to host a “crypto summit” with President Trump and senior industry officials.
Crypto security experts said they were troubled by what the robbery revealed about the exchange's security protocols. The losses were “completely preventable,” one security firm wrote in an analysis of the breach, arguing that it “should not have happened.”
Safe's storage tool is widely used in the crypto industry. But it is better suited to crypto hobbyists than to exchanges handling billions of dollars in customer deposits, said Charles Guillemet, an executive director at Ledger, a French crypto security firm that offers a storage system designed for companies.
“It really needs to change,” he said. “It’s not an acceptable situation in 2025.”
At Bybit, the hack set off a frantic 48 hours. The company oversees as much as $20 billion in customer deposits, but did not have enough Ether to cover the $1.5 billion robbery. Mr. Zhou, 38, scrambled to keep the company afloat, borrowing from other companies and drawing on corporate reserves to meet a surge in withdrawal requests. On social media, he appeared surprisingly relaxed, announcing several hours after the theft that his stress level was “not too bad.”
As the crisis unfolded, the price of Bitcoin, a bellwether for the industry, dropped 20 percent. It was the sharpest drop since the 2022 collapse of FTX, the exchange started by the disgraced mogul Sam Bankman-Fried.
In an interview this week, Mr. Zhou acknowledged that Bybit had advance notice of possible problems with Safe. Three or four months before the hack, he said, the company noticed that the software was not fully compatible with one of its other security services.
“We should have upgraded and moved away from Safe,” said Mr. Zhou. “We definitely ask for it now.”
Rahul Rumalla, the chief product officer at Safe, said that his team had created new security features to protect users and that Safe was the “backbone of the vault for some of the largest organizations in space.”
“Our job is not just to fix what happened,” said Mr. Rumalla, “but to ensure that the whole space learns from it, so it’s not happening anymore.”
Founded in 2018, Bybit operates as a crypto marketplace, where traders and professional investors can convert their dollars or euros into Bitcoin and Ether. Many investors treat exchanges such as Bybit as an informal bank, where they deposit their crypto for safekeeping.
According to some estimates, Bybit is the world's second-largest crypto exchange, processing tens of billions of dollars every day. Based in Dubai, it does not offer services to customers in the United States.
On Feb. 21, Mr. Zhou was at home in Singapore, finishing up some work, he said in an interview.
But first, he and two other executives were supposed to sign off on the transfer of cryptocurrency from one account to another. These routine transfers were supposed to be safe: no single person at Bybit could execute them alone, creating several layers of protection against thieves.
Behind the scenes, however, a group of hackers had already broken into Safe's system, according to Bybit's review of the hack. They had compromised a computer belonging to a Safe developer, a person with knowledge of the matter said, allowing them to plant malicious code to manipulate transactions.
A link sent via Safe invited Mr. Zhou to approve the transfer. It was a trap. When he signed off, the hackers seized control of the account and stole $1.5 billion in crypto.
The sudden outflows showed up on the public ledger of crypto transactions. Crypto analysts quickly identified the culprit as the Lazarus Group, a hacking syndicate backed by the North Korean government.
That night, Mr. Zhou went to Bybit's Singapore office to manage the crisis. He announced the hack on social media and initiated a crisis protocol known within the company as P-1, pressing a button to wake every member of the leadership team.
About 1:00, Mr. Zhou appeared on a live broadcast on X, downing a Red Bull. He promised customers that Bybit was still solvent.
“Even if this hack loss is not recovered, all customers’ assets are backed 1 to 1,” he said in the post. “We can cover the loss.”
Those assurances were not enough. Within hours, Mr. Zhou said, about half of the digital currencies deposited on the platform, or close to $10 billion, had been withdrawn. The crypto market tumbled.
To limit the damage, other crypto companies offered to help. Gracy Chen, the chief executive of a rival exchange, Bitget, lent Bybit 40,000 Ether, or approximately $100 million, without requiring any interest or even collateral.
“We never questioned their ability to repay us,” said Ms. Chen.
Between crisis meetings, Mr. Zhou provided running commentary on X. He shared screenshots from a health app, showing that his stress level was surprisingly normal.
“Too focused on commanding all the meetings. Forgot to stress,” he wrote. “I think it will soon come when I start to understand the concept of $1.5B loss.”
After the robbery, the North Korean hackers spread the stolen funds across a vast network of online wallets, a money-laundering strategy they have used before.
“Lazarus Group is on another level,” Haseeb Qureshi, an investor, wrote on X after the theft.
Security experts also blamed Bybit for leaving itself exposed. To approve the routine transfer that led to the hack, Mr. Zhou said, he used a hardware device designed by Ledger, the crypto security firm. The device was not in sync with Safe, he said, so he could not use it to check the full details of the transaction he was approving, always a risky practice in the crypto world.
“It certainly doesn’t give you the types of controls that you would want for making operational transfers often,” said Riad Wahby, a professor of computer engineering at Carnegie Mellon University and a co-founder of the digital security company Cubist.
Mr. Zhou said he wished he had taken steps earlier to strengthen Bybit’s defenses. “It’s a lot of regret now,” he said. “I should have paid more attention in this area.”
Still, Bybit continued to operate after the hack, processing all withdrawals within 12 hours, Mr. Zhou said. Not long after the breach, he announced that the company was moving around another $3 billion in crypto.
“This is a scheduled maneuver, FYI,” he wrote. “We’re not hacked this time.”
2025-03-06 13:01:00