Bybit’s $1.5B Crypto Heist: How Social Engineering Enabled the Attack

On February 21, 2025, Bybit, a major cryptocurrency exchange, suffered the largest digital asset theft in history, with hackers stealing nearly $1.5 billion in Ethereum (ETH). While the attack exploited vulnerabilities in Bybit’s multi-signature cold wallet, it was social engineering and phishing that enabled the breach.
By leveraging targeted phishing tactics, stolen authentication credentials, and manipulated transaction approvals, attackers were able to bypass Bybit’s security protocols and reroute funds to their own accounts. This breach highlights a growing cybersecurity concern: even the most advanced security measures can be bypassed through human deception.
For Fortune 500 financial leaders and security professionals, the Bybit hack serves as a stark warning that sophisticated phishing attacks remain one of the most effective methods for breaching corporate defenses. Protecting sensitive credentials is no longer just about strong passwords—it requires advanced phishing-resistant authentication and continuous monitoring of access controls.
How Hackers Used Social Engineering to Breach Bybit
Step 1: Phishing to Gain Access
The attack began with spear-phishing campaigns targeting Bybit’s cold wallet signers and security personnel. Hackers used:
- Fake corporate login pages mimicking Bybit’s internal systems
- SMS phishing (smishing) and voice phishing (vishing) to manipulate employees into revealing credentials
- Compromised authentication tokens, tricking wallet signers into authorizing fraudulent transactions
Bybit’s attackers studied internal communication patterns, sending emails and calls that appeared to come from trusted internal sources. This social engineering strategy was consistent with past cyberattacks linked to state-sponsored North Korean hacking groups.
Step 2: Credential Theft & Transaction Manipulation
Once the attackers obtained stolen authentication credentials, they:
- Logged into Bybit’s systems using compromised MFA tokens
- Altered multi-signature wallet approvals by injecting a malicious smart contract
- Intercepted a legitimate transfer and rerouted 401,000 ETH ($1.5 billion USD) to hacker-controlled addresses
Because the attack mirrored normal internal processes, it was not immediately detected—giving hackers enough time to disperse funds through a complex laundering network.
Step 3: Asset Laundering Through Crypto Networks
After the breach, the stolen ETH was moved through multiple intermediary wallets to obscure its origin. The attackers used:
- Decentralized Exchanges (DEXs) to swap ETH for other assets
- Cross-Chain Bridges to transfer funds across different blockchain networks
- No-KYC Crypto Swap Services to evade transaction tracking
A portion of the funds remains dormant, following a known tactic by North Korean-affiliated hacking groups, who delay laundering efforts to outlast immediate forensic investigations.
Why Phishing Protection Is Essential to Preventing These Attacks
The Bybit hack demonstrates how cybercriminals exploit human vulnerabilities to gain direct access to financial networks. Even with strong cybersecurity measures, if employees' credentials are stolen through phishing, hackers can bypass security controls and manipulate transactions.
Key Risks of Phishing Attacks in Corporate Security:
- High-Value Targets Are at Risk: Employees with financial or security privileges are prime targets for phishing.
- Social Engineering Bypasses Traditional Cybersecurity: Phishing emails, fake login pages, and impersonation tactics can deceive even security-conscious teams.
- A Single Compromised Account Can Lead to a Large-Scale Breach: Attackers move laterally once inside a network, gaining deeper access and deploying malware.
How Fortune 500 Companies Can Protect Their Credentials & Digital Assets
Implement Phishing-Resistant Security Measures
- Use physical security keys (YubiKey, Titan) instead of SMS-based MFA
- Set up real-time login alerts for privileged accounts
- Require AI-based email filtering to detect spear-phishing attempts
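Why a security key resists the fake login pages described in Step 1, shown as an added example that is not from the original article: a WebAuthn relying party checks the browser-reported origin and the RP ID hash in every assertion, so a response produced on a look-alike domain is rejected. The host names, challenge, and sample assertions are constructed, and signature verification with the registered public key is a separate step not shown.

```python
import base64, hashlib, hmac, json

RP_ID = "sso.example-exchange.test"      # assumed relying-party ID (constructed)
EXPECTED_ORIGIN = "https://" + RP_ID     # assumed legitimate login origin

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def check_assertion_binding(client_data_json, authenticator_data, expected_challenge):
    """Return reasons to reject; an empty list means the binding checks passed.
    Verifying the signature with the registered public key is a separate step."""
    problems = []
    client = json.loads(client_data_json)
    if client.get("type") != "webauthn.get":
        problems.append("wrong ceremony type")
    sent = str(client.get("challenge", "")).encode()
    if not hmac.compare_digest(sent, b64url(expected_challenge).encode()):
        problems.append("challenge mismatch")
    # The browser, not the user, writes the origin, so a look-alike page cannot fake it.
    if client.get("origin") != EXPECTED_ORIGIN:
        problems.append(f"origin mismatch: {client.get('origin')}")
    if len(authenticator_data) < 37:      # 32-byte rpIdHash + flags + 4-byte counter
        return problems + ["authenticator data too short"]
    rp_hash = hashlib.sha256(RP_ID.encode()).digest()
    if not hmac.compare_digest(authenticator_data[:32], rp_hash):
        problems.append("rpIdHash mismatch")
    if not authenticator_data[32] & 0x01:  # bit 0 = user present
        problems.append("user presence flag not set")
    return problems

def sample_assertion(origin, rp_id, challenge):
    """Constructed sample of what a browser and authenticator send from `origin`."""
    client = json.dumps({"type": "webauthn.get", "challenge": b64url(challenge),
                         "origin": origin}).encode()
    auth = hashlib.sha256(rp_id.encode()).digest() + bytes([0x05]) + (7).to_bytes(4, "big")
    return client, auth

if __name__ == "__main__":
    challenge = b"\x01" * 32              # constructed; a server would use random bytes
    for host in (RP_ID, "sso.example-exchange-login.test"):
        cdj, ad = sample_assertion("https://" + host, host, challenge)
        print(host, check_assertion_binding(cdj, ad, challenge) or "accepted")
```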
Strengthen Transaction Approval & Authentication Processes
- Require secondary verification (secure video calls) for high-risk transactions
- Implement AI-driven anomaly detection for unusual financial transfers
- Limit access to sensitive financial systems to pre-approved devices
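A sketch of how these approval controls can be enforced in code, added here as an example and not taken from the original article or from any exchange's system: each approval is bound to a hash of the exact transaction fields, so contents altered after sign-off invalidate it, and the gate also checks a destination allowlist, pre-approved devices, and out-of-band verification for large transfers. All addresses, signer names, device IDs, and thresholds are constructed placeholders.

```python
import hashlib, json
from dataclasses import dataclass

ALLOWED_DESTINATIONS = {"0xWARM_WALLET_PLACEHOLDER"}            # constructed
APPROVED_DEVICES = {"alice": "dev-a1", "bob": "dev-b7", "carol": "dev-c3"}
REQUIRED_APPROVERS = 2                                          # assumed policy
OUT_OF_BAND_THRESHOLD_ETH = 1000                                # assumed policy

def tx_digest(tx: dict) -> str:
    """Hash the exact fields under approval; any later change alters the digest."""
    return hashlib.sha256(json.dumps(tx, sort_keys=True).encode()).hexdigest()

@dataclass(frozen=True)
class Approval:
    signer: str
    device_id: str
    digest: str                 # digest the signer confirmed on an independent display
    out_of_band_ok: bool = False

def evaluate(tx: dict, approvals: list) -> list:
    """Return the reasons to block the transfer; an empty list means it may proceed."""
    reasons = []
    if tx["to"] not in ALLOWED_DESTINATIONS:
        reasons.append("destination not on allowlist")
    expected = tx_digest(tx)
    valid = {}                  # keyed by signer so duplicates count once
    for a in approvals:
        if APPROVED_DEVICES.get(a.signer) != a.device_id:
            reasons.append(f"{a.signer}: unapproved device")
        elif a.digest != expected:
            reasons.append(f"{a.signer}: approved different transaction contents")
        else:
            valid[a.signer] = a
    if len(valid) < REQUIRED_APPROVERS:
        reasons.append("not enough valid distinct approvers")
    high_value = tx["amount_eth"] >= OUT_OF_BAND_THRESHOLD_ETH
    if high_value and not all(a.out_of_band_ok for a in valid.values()):
        reasons.append("high-value transfer lacks out-of-band verification")
    return reasons

if __name__ == "__main__":
    tx = {"to": "0xWARM_WALLET_PLACEHOLDER", "amount_eth": 5000}   # constructed
    d = tx_digest(tx)
    ok = [Approval("alice", "dev-a1", d, True), Approval("bob", "dev-b7", d, True)]
    print(evaluate(tx, ok) or "approved")
    print(evaluate(dict(tx, to="0xUNKNOWN_PLACEHOLDER"), ok))     # altered after sign-off
```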
Train Leadership & Security Teams on Social Engineering Threats
- Simulate phishing attacks regularly to test security awareness
- Train employees on identifying fake login pages and voice phishing attempts
- Establish a strict internal protocol for approving financial transactions
Final Thoughts: Social Engineering Is a Persistent Cybersecurity Threat
The Bybit hack proves that no amount of network security can protect an organization if employees are tricked into revealing credentials. Cybercriminals are increasingly using social engineering, phishing, and MFA interception to infiltrate corporate networks and manipulate financial transactions.
For Fortune 500 companies, financial institutions, and cryptocurrency exchanges, preventing social engineering attacks must be a top security priority. By implementing phishing-resistant authentication, continuous monitoring, and strong employee training, organizations can eliminate their biggest security blind spot and prevent the next billion-dollar breach.
Protect Your Executive Identity with Nexanet
Cybercriminals exploit human vulnerabilities to bypass security systems. Nexanet provides advanced phishing protection and credential security solutions to help Fortune 500 companies and financial institutions defend against social engineering attacks.