February saw an unprecedented surge in crypto losses, totaling $1.53 billion, with major exploits targeting Bybit, Infini, and zkLend. According to blockchain security firm Certik, this marks a staggering 1,500% increase from the $98 million in losses recorded in January. Even without Bybit’s massive breach, crypto losses still saw a 28.5% rise, amounting to over $126 million.
Bybit Hack Becomes Largest Crypto Heist in History
The most significant loss came from the February 21 hack of crypto exchange Bybit, which was attributed to North Korea’s notorious Lazarus Group. The attack drained $1.4 billion from the exchange, making it the largest crypto hack ever recorded, surpassing the $650 million Ronin bridge exploit in March 2022—also linked to Lazarus. Following the breach, the stolen funds were funneled through crypto mixers, and recent reports indicate that Lazarus has successfully laundered nearly all of the stolen assets.
Infini Exploit and Developer Backdoor Access
On February 24, stablecoin neobank Infini suffered a $49.5 million exploit, marking the second-largest loss of the month. Security firm Cyvers determined that a developer who retained admin privileges after helping set up Infini’s smart contract was responsible for the breach. Three months later, the developer used these rights to siphon funds into a wallet funded via Tornado Cash. Infini has since attempted to recover the stolen assets, even offering the hacker a 20% bounty in exchange for returning the funds. However, the deadline has long passed, and the hacker remains in possession of the stolen assets.
zkLend Hack and Recovery Efforts
The third-largest exploit occurred on February 12, when zkLend lost $9.5 million worth of Ethereum. Similar to Infini, zkLend offered a bounty, requesting the return of 90% of the stolen funds while allowing the hacker to keep 10%. As of now, zkLend has opened a recovery portal for affected users, but the stolen assets remain unrecovered.
Additional Crypto Security Threats
Beyond major exploits, Certik reported that wallet compromises were the leading cause of crypto losses in February. Code vulnerabilities contributed to $20 million in losses, while phishing attacks resulted in $1.8 million in stolen funds.
The Growing Threat to Crypto Security
With February marking one of the worst months for crypto hacks, security remains a pressing concern. The increasing sophistication of attacks and insider threats highlight the need for stronger security measures across exchanges, DeFi platforms, and wallet providers. As firms attempt to recover losses, the broader crypto community continues to grapple with the implications of these security breaches.
