Crypto lost to exploits, scams, hits $1.5B in February with Bybit hack: CertiK

03 Mar 2025Ivona Linver

Excluding the $1.4 billion Bybit hack, crypto losses in February amounted to about $126 million.

Losses to crypto scams, exploits and hacks totaled nearly $1.53 billion in February, with the $1.4 billion Bybit hack accounting for the lion’s share of losses, said blockchain security firm CertiK.

The Feb. 21 attack on Bybit by North Korea’s Lazarus Group was the largest crypto hack ever, more than doubling the $650 million Ronin bridge hack in March 2022, “which was also conducted by Lazarus,” CertiK said in a Feb. 28 X post.

February’s lost crypto amount is a nearly 1,500% jump from the $98 million recorded by CertiK in January. However, excluding Bybit’s losses, the remaining crypto losses last month totaled over $126 million, still a 28.5% jump.

Bybit said that the attackers took control of a storage wallet. The FBI later confirmed industry reports that North Korea was behind the attack and had started to convert the stolen crypto and disperse it “across thousands of addresses on multiple blockchains.”

CertiK added that the second most significant incident of the month was the Feb. 24 hack on stablecoin payment firm Infini that stole $49 million.

In a Feb. 27 report, CertiK said a key wallet used in the attack had previously been involved in developing Infini contracts and had retained admin rights used to redeem all Vault tokens.

“The exploit highlights a major vulnerability, demonstrating how admin privileges can become a single point of failure,” CertiK’s report reads. “One fundamental aspect of blockchain security is understanding how to protect your private keys.”

The Infini team did offer the hacker a chance to hold onto 20% of the stolen loot if the remainder was returned, along with a guarantee that the hacker wouldn’t face any legal consequences.

There was a 48-hour deadline, which has long since passed, and according to Etherscan, the wallet used by the hacker still has a balance of over 17,000 Ether  worth $43 million.


No public announcement has been made on whether the hacker plans to accept the offer and return any funds.

Related: Bybit hackers resume laundering activities, moving another 62,200 ETH

Decentralized money lending protocol ZkLend suffered the third-largest exploit for February, when it lost $10 million to hackers on Feb. 12.

Overall, CertiK says the top category for losses in February was wallet compromises, followed by code vulnerabilities, which resulted in $20 million in losses, and then phishing, which saw hackers steal $1.8 million.

Losses to crypto scams, exploits and hacks were declining in the final days of 2024, with December registering the smallest amount stolen at $28.6 million, compared to $63.8 million in November and $115.8 million in October.



Reprint: cointelegraph Publisher:  STEPHEN KATTE
Source: cointelegraph Author:  Ivona Linver
Statement:  The views expressed are those of the author and do not necessarily reflect those of BcTime. BcTime is an information publishing platform that only provides information storage space services. If the article involves infringement, please send a letter in time, the site will delete the article as soon as possible. Email: [email protected].
PREVIOUS ARTICLE

DraftKings settles class-action lawsuit over NFT marketplace for $10M
NEXT ARTICLE

Japan’s Metaplanet buys more Bitcoin, explores potential US listing

NEWSLETTER

Subscribe to our free newsletter and follow us for the latest blockchain news