Bybit Hack Exposes Security Risks: How the $1.5 Billion Breach Impacts Ethereum

YEREVAN (CoinChapter.com) — The $1.5 billion Bybit hack placed Lazarus Group among the top 15 Ethereum holders. The breach raised concerns about Ethereum security, market manipulation, and vulnerabilities in third-party wallet integrations.

Security experts from Holonym, Cartesi, and Komodo Platform discussed the implications, risks, and potential security improvements.

A Major Crypto Breach Targeting Infrastructure

Unlike previous crypto exchange hacks, the Bybit breach did not involve private key theft. Instead, hackers manipulated the transaction signing process, exposing weaknesses in third-party security systems.

Forensic analysis traced the attack to Safe Wallet, a multi-signature wallet provider that processes transactions using smart contracts and cloud-based JavaScript files stored on AWS S3.

Hackers injected malicious JavaScript into Safe Wallet’s AWS storage, altering approved transactions without directly compromising Bybit’s internal system. This breach revealed the risk of third-party integrations, even for exchanges with strict security protocols.

Lazarus Group Now Holds Over 401,000 ETH

Following the Bybit hack, Lazarus Group became one of the top 15 Ethereum holders. On-chain data shows Gemini, which previously ranked 15th, owns 369,498 ETH. The hackers surpassed this amount by stealing over 401,000 ETH.

The Lazarus Group, linked to previous crypto hacks, now controls a significant Ethereum holding. Some industry participants questioned whether this development affects Ethereum decentralization.

Nanak Nihal Khalsa, Co-Founder of Holonym, dismissed concerns over Ethereum governance.

“Lazarus still owns less than 1% of ETH in circulation, so I don’t see it as highly relevant beyond simple optics. While it’s a lot of ETH, they still own less than 1%,”

Khalsa told.

Kadan Stadelmann, Chief Technology Officer at Komodo Platform, pointed to Ethereum security risks beyond governance.

“Illicit actors could expand their holdings further by targeting exchanges or DeFi protocols, influencing market dynamics and governance decisions. While Ethereum’s technical decentralization has not been compromised, Lazarus Group has eroded trust in Ethereum,”

Stadelmann told.

How the Hack Could Affect Ethereum and Crypto Markets

While Bybit hackers laundered the stolen ETH, Stadelmann outlined potential risks:

• Ethereum staking: While Lazarus Group has not staked its ETH, doing so could impact Proof-of-Stake governance.
• Market impact: Selling large amounts of ETH could cause price drops, though tracking measures may prevent this.
• Layer 2 security threats: Ethereum’s Layer 2 networks, including Arbitrum and Optimism, could become targets.

“A censorship attack on Layer 2 could undermine dApps and shift the ecosystem toward centralized transaction sequencers,” Stadelmann added.

The Bybit hack did not compromise Ethereum’s blockchain, but it exposed weaknesses in wallet security and third-party integrations.

Security Measures Under Scrutiny

Khalsa argued that the Bybit hack was not a flaw in Ethereum’s security but rather in third-party tools used by crypto exchanges.

“Saying the hack is Ethereum’s problem is like saying death by car accident is the car’s problem when the driver didn’t wear a seatbelt. Could the car have more safety measures? Yes, and it should. But as a seatbelt has little to do with the car, the hack had little to do with Ethereum,”

Khalsa explained.

The attack revealed security flaws in multi-signature wallets. Even with strong internal security, compromised signing tools remain a risk.

“The myth that multi-signature wallets of hardware wallets are secure has been exposed. It took this attack for the industry to acknowledge that,”

Khalsa stated.

The Bybit hack also showed the risks of trusting third-party services for Ethereum transactions.

Hackers Exploited Front-End Security Weaknesses

Hackers injected malicious JavaScript into Safe Wallet’s cloud storage, allowing them to mimic trusted interfaces and deceive users.

Erick de Moura, Co-Founder of Cartesi, highlighted the security risk.

“The SAFE incident serves as a stark reminder that Web3 is only as secure as its weakest link. If users cannot verify that the interface they interact with is genuine, decentralization becomes meaningless,”

de Moura said.

Rather than attacking smart contracts, the Lazarus Group injected malicious code into the front-end system, making it look like a legitimate Bybit interface.

“The hackers didn’t need to breach smart contracts or manipulate Bybit’s systems directly. Instead, they injected malicious code into the front-end interface, deceiving users into thinking they were engaging with a trusted platform,”

de Moura added.

Reproducible Builds Could Strengthen Ethereum Security

For the Web3 community, the Bybit hack exposed security flaws in exchange infrastructure. De Moura emphasized the importance of reproducible builds to prevent future attacks.

“A reproducible build ensures that when source code is compiled, it always produces the same binary output. This guarantees that the software users interact with hasn’t been altered by a third party somewhere in the deployment pipeline,”

de Moura explained.

Using blockchain technology, developers can verify software integrity by checking front-end resources against on-chain data.

“If a verifiable reproducible builds approach had been applied to SAFE, the exploit could have been prevented. The malicious front-end would have failed verification against the on-chain record, immediately exposing the attack,”

de Moura stated.

Security Gaps Leave Ethereum Users at Risk

As crypto attacks become more advanced, lack of security awareness remains a major issue.

The Bybit hack showed that users relying on third-party security tools may still be vulnerable. Many crypto traders assumed that multi-signature wallets would protect funds, but the breach revealed gaps in Ethereum wallet security.

“It shows crypto is still in the Wild West and in its growing phase in terms of security. I think in a couple of years we will have superior security, but in its current state, the public fear is well-justified,”

Khalsa noted.

The Bybit hack confirmed that Ethereum wallet security depends not only on blockchain technology but also on third-party integrations and exchange practices.

Ethereum Price Recovers After Recent Drop

Ethereum (ETH/USD) showed volatility on March 11, 2025, following a sharp decline below $1,800 earlier in the day. The price rebounded, reaching $1,925.9 at the time of the chart capture. Trading activity increased significantly during the drop, indicating high selling pressure. However, the recovery suggests renewed buying interest, stabilizing ETH above $1,900. The broader trend remains uncertain, with key resistance around $2,000 and support near $1,800.