The Largest Crypto Theft Ever Happened: How and When?

The largest crypto theft ever is a topic worth exploring, especially if you want to stay cautious about the scams and threats that surround you on blockchain networks. Understanding the what, why, when, where, and how of these thefts will help you protect yourself when you engage with crypto exchanges in the days to come. In this article, we cover one of the biggest thefts that has happened in the industry and discuss it in detail. We also mention some other comparably disastrous thefts.
The Largest Crypto Theft Ever
The theft took place this year, in February 2025, at Bybit, a cryptocurrency exchange based in Dubai. $1.5 B in Ethereum was stolen through strategic hacking of the platform. As a result of the investigation that followed, a hacking group called Lazarus was convicted. This is a North Korea-based hacking organization, and it is also held accountable for many other cybercrimes. The strategies and methods it adopts in these hacking attempts are innovative and devious.
All About the Bybit Theft
This can be regarded as a “supply-chain compromise” in the cryptocurrency domain, and as already mentioned, the strategies and methods were unique and sophisticated. Safe (Wallet) was the multisignature platform that was exploited for this theft. The numbered steps below show how the hacking organization planned and executed it.

1. Targeting the Developer
The first step of the theft was to target a developer at Safe (Wallet). The hackers used novel social engineering practices to compromise the developer's workstation, which set up everything that followed.
2. Hijacking the Access Tokens
Once they had compromised the workstation, it was easy for them to hijack the developer's Amazon Web Services (AWS) session tokens. With these tokens, they could get into the developer's AWS account. This was their route past the multi-factor authentication (MFA) that had been enabled for safety purposes.
3. Software Manipulation
Once the credentials had been accessed, the hackers could make the manipulations they needed in the Safe (Wallet) interface. The software was written in JavaScript, and they modified it with malicious code. This let them change the destination address, directing transactions to a destination of the hackers' choosing.
4. The Real Theft
With all the steps above in place, the hackers were set to receive the funds from transactions initiated by the employees of Safe (Wallet) as part of their routine operations. In this way, the hackers were able to transfer a total of 400,000 ETH to their reserve.
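The defensive counterpart to step 3 is to check the payload a signer is asked to approve against the transfer that was actually intended, without trusting the interface that displays it. The following is an added example, not code from Safe (Wallet), Bybit, or the original article; the field names (`to`, `value`, `data`), the address book, and all sample values are assumptions constructed for illustration.

```javascript
// Added example: pre-signing check that runs outside the wallet UI.
const ADDRESS_RE = /^0x[0-9a-f]{40}$/;

// Lower-case and validate a 20-byte hex address; null when malformed.
function normalizeAddress(addr) {
  const a = String(addr ?? "").trim().toLowerCase();
  return ADDRESS_RE.test(a) ? a : null;
}

// Parse a decimal or 0x-hex amount into a BigInt; null when empty, negative or unparsable.
function parseAmount(v) {
  const s = String(v ?? "").trim();
  if (s === "") return null; // BigInt("") would silently give 0n
  try {
    const n = BigInt(s);
    return n < 0n ? null : n;
  } catch {
    return null;
  }
}

// Compare the request shown to the signer with the intent recorded out of band.
function checkSigningRequest(intent, request, addressBook) {
  const findings = [];
  const want = normalizeAddress(intent.to);
  const got = normalizeAddress(request.to);
  if (got === null) {
    findings.push("malformed destination");
  } else {
    if (got !== want) findings.push("destination differs from intent");
    if (!addressBook.some((a) => normalizeAddress(a) === got)) {
      findings.push("destination not in address book");
    }
  }
  const gotValue = parseAmount(request.value);
  if (gotValue === null || gotValue !== parseAmount(intent.value)) {
    findings.push("value differs from intent");
  }
  const hex = (d) => String(d ?? "0x").trim().toLowerCase();
  if (hex(request.data) !== hex(intent.data)) findings.push("calldata differs from intent");
  return findings;
}

// Constructed sample data (hypothetical addresses and amounts).
const ADDRESS_BOOK = ["0x" + "aa".repeat(20)];
const INTENT = { to: "0x" + "aa".repeat(20), value: "1000", data: "0x" };
const HONEST = { to: "0x" + "AA".repeat(20), value: "0x3e8", data: "0x" };
const TAMPERED = { to: "0x" + "bb".repeat(20), value: "1000", data: "0x" };

console.log(checkSigningRequest(INTENT, HONEST, ADDRESS_BOOK));
console.log(checkSigningRequest(INTENT, TAMPERED, ADDRESS_BOOK));
```

The check only helps if the intent and the address book come from a channel the web interface cannot modify, such as a separate device or an approved-withdrawal record.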
What Happened After the Theft?
No matter how many layers of protection and encryption have been deployed, reserves are always subject to such hacking attempts. What matters most is what happens after the theft and the immediate actions the platform takes. The authorities at Bybit came forward immediately, acknowledged the mishap, and promised reimbursement for all those who had lost their funds in the theft.
Meanwhile, the hackers had started to strengthen the barriers around the funds they had managed to steal. They used a couple of decentralized exchanges (DEXs) to swap the coins. However, the authorities concerned were able to track the movement of these assets through the decentralized exchanges without delay. Within 5 days of the theft, the Federal Bureau of Investigation of the USA named these North Korean hackers as the alleged perpetrators.
Other Major Crypto Thefts
Now we will discuss some of the other major crypto thefts that are worth your attention. This list includes 2 major thefts from 2022 and one from 2021, each discussed below.
1. Ronin Network Theft
You may be familiar with the game Axie Infinity, through which players can win and earn cryptocurrency tokens. Ronin Network is the firm behind this popular game, and it was in 2022 that a hacking attempt was acknowledged on this network. According to the estimated figures, around $625 M was stolen in this attack. Again, Lazarus was held accountable for this heist, the same North Korean agency we discussed in the case of the Bybit theft. The theft was initiated in the same way as at Bybit, by compromising an employee's workstation through social engineering. The hackers thus gained access to the network's transaction validators, which set a clear pathway for the heist.
2. Poly Network
This heist happened in 2021, and around $610 M was stolen. A vulnerability in the smart contracts was the loophole that allowed the hacker to get through the network quite easily. Mr White Hat is the name attributed to this hacker. Unlike many other hacks, which are carried out for the funds, this hacker returned the majority of the funds he had stolen and remarked on the security flaws of the network, which made him do the hack “for fun”. However, the DeFi system, Poly Network, suffered major reputational damage from the incident, even though it did not have to go through a major financial breakdown.
3. FTX
In November 2022, FTX suffered a heist of $477 M, further worsening the tough times it was going through during that period.
Conclusion
That is all about the largest thefts in history, which happened because of security flaws and several other causes created through social engineering tactics. You now have a basic understanding of the risk involved in blockchain ecosystems, no matter how much caution and care you take while investing and transacting through these systems. Apart from the security measures taken by the company, you can also take precautions at your end to add an extra layer of protection for the funds you transact through these blockchain networks.
