Bybit is one of the world's largest cryptocurrency exchanges, with a business built around perpetual futures and other derivatives rather than spot trading, founded in 2018 by Ben Zhou and headquartered in Dubai. For a bank digital-asset team, Bybit matters in two ways: as one of the derivatives venues whose funding rates and open interest Asian treasury and trading desks watch as a leverage barometer, and as the standing case study in exchange operational risk after the February 2025 theft of roughly USD 1.5 billion in ether, the largest crypto heist on record. The episode, and the recovery that followed, reset how counterparty due-diligence teams think about cold-wallet operations and proof-of-reserves claims.
Scale and footprint
Bybit announced the move of its headquarters from Singapore to Dubai in March 2022, early in the UAE's push to build a licensed virtual-asset hub under VARA (Virtual Assets Regulatory Authority). The exchange's centre of gravity is derivatives: perpetual swaps across major and long-tail assets, with a retail-heavy user base concentrated in Asia and emerging markets. Because perpetual funding rates on the largest venues effectively price the marginal cost of crypto leverage, Bybit's market data carries information value for desks that never face the venue directly.
The February 2025 hack
On 21 February 2025, attackers stole approximately USD 1.5 billion in ether from Bybit, which the FBI (Federal Bureau of Investigation) publicly attributed on 26 February 2025 to North Korea's TraderTraitor activity, widely known as the Lazarus Group. The compromise did not breach Bybit's cold wallet keys directly: investigators found the attackers had compromised a developer at Safe{Wallet}, the third-party multisignature wallet infrastructure Bybit used, and served Bybit's signers a manipulated transaction interface during a routine cold-to-warm wallet transfer. The lesson for diligence teams is uncomfortable: cold storage is only as strong as the signing workflow around it, and a proof-of-reserves snapshot says nothing about whether signers can be shown a false view of what they are approving.
The recovery
Bybit kept withdrawals open through the incident and said it had fully replenished its ether reserves within roughly 72 hours, as of 24 February 2025, through bridge loans, large deposits, and over-the-counter purchases arranged with trading firms including Galaxy Digital, FalconX, and Wintermute, followed by updated proof-of-reserves reporting showing client assets fully backed. The recovery is the other half of the case study: a venue with sufficient balance sheet and industry credit lines absorbed the largest theft in the industry's history without a customer loss event or a withdrawal freeze. That outcome appears to have limited the contagion, though it also set an expectation about exchange loss-absorption capacity that smaller venues could not meet.
Licensing posture
Bybit's regulated footprint has been thinner than OKX's, which makes each licence more informative. Its European entity, Bybit EU, received a MiCA (Markets in Crypto-Assets Regulation) CASP (crypto-asset service provider) authorisation from Austria's Financial Market Authority on 28 May 2025, establishing a European headquarters in Vienna and passporting across the EEA (European Economic Area). The Dubai base anchors the group in VARA's regime, and the post-hack period has coincided with a broader push toward licensed status in the jurisdictions where it retains retail access.
What to watch
For bank readers the file is mostly about second-order effects. Whether the Safe{Wallet}-style supply-chain vector recurs at other venues determines if February 2025 was an outlier or a template, and custody due-diligence questionnaires have already shifted toward signing-infrastructure and interface-verification questions as a result. Bybit's own trajectory, from offshore derivatives venue toward a licensed European and Gulf footprint, is a second test of whether the migration path OKX is running generalises. And its funding-rate and open-interest data remain a useful proxy for retail leverage in Asia regardless of any direct relationship.