According to the latest data from CertiK, a leading Web3.0 security authority, the cryptocurrency industry suffered an unprecedented blow in February 2025, with total losses reaching a staggering $1.53 billion. This figure not only sets a new historical record but also lays bare the immense risks lurking beneath the blockchain world’s rapid growth.
Notably, the North Korean hacking group Lazarus took center stage in this storm, orchestrating a $1.4 billion attack on the Bybit exchange—an assault that accounted for 91% of the month’s losses and stands as the most jaw-dropping heist in crypto history. Even excluding this outlier, the remaining $126 million in losses for February still marked a 28.5% surge compared to January, prompting a sobering question: Where exactly is the “moat” protecting crypto security?
Bybit’s “Billion-Dollar Lesson”: A Dual Failure of Technology and Human Nature
On February 21, Lazarus’s attack on Bybit sent shockwaves worldwide. The operation was not only unprecedented in scale but also showcased astonishing sophistication. Analysts revealed that the hackers breached device defenses through social engineering, exploiting a “blind signing” vulnerability disguised as a legitimate interface.
This allowed them to bypass multi-signature mechanisms and gain control of Bybit’s cold wallet, siphoning off assets worth $1.4 billion. Surpassing Lazarus’s 2022 theft of $650 million from the Ronin Bridge, this incident exposed fatal flaws in the seemingly impregnable security systems of centralized exchanges. CertiK’s report identified wallet leaks as the primary culprit behind the month’s losses, with the Bybit debacle serving as the ultimate case in point.
Beyond Bybit’s colossal loss, other incidents in February were equally thought-provoking. On February 24, the stablecoin payment platform Infini fell victim to a suspected admin privilege vulnerability, losing $49 million. In a surprising twist, Infini attempted to negotiate with the hackers, offering to let them keep 20% of the funds as a “reward” for returning 80%, with a promise of no legal pursuit. However, as of March 5, the hackers’ wallet still held 17,000 Ether worth $43 million, signaling the failure of these talks. Meanwhile, on February 12, the decentralized lending protocol ZkLend was robbed of $10 million, making it the month’s third-largest victim. The successive downfall of these smaller projects underscores that hackers’ reach now extends far beyond “big fish,” infiltrating every corner of the ecosystem.
The Truth Behind the Losses: Three Culprits Emerge
CertiK’s in-depth analysis pinpointed three primary causes of February’s losses: wallet leaks, code vulnerabilities, and phishing attacks. Wallet leaks dominated, as evidenced by the Bybit case; code vulnerabilities accounted for $20 million in losses, highlighting the fragility of smart contract design; and while phishing attacks caused a relatively modest $1.8 million in damages, their stealth and high success rate make them a “silent killer” that cannot be ignored. These findings serve as a stark reminder that threats to crypto security are not singular but rather a complex, multi-dimensional challenge.
The $1.53 billion loss is more than a cold statistic—it’s a wake-up call for the entire industry. The Bybit incident exposed single points of failure in centralized platforms’ admin privileges and private key management, while the plights of Infini and ZkLend revealed the cost of neglecting security audits amid rapid growth in decentralized projects. Looking ahead, the industry may need to focus on three key areas: first, enhancing dynamic protection for multi-signature systems and cold wallets to prevent humans from being the weakest link; second, promoting standardized audits for smart contracts to seal the “backdoors” of code vulnerabilities; and third, bolstering user education to curb the fertile ground for phishing attacks.