The Virtual Assets Regulatory Authority (VARA) has confirmed that Bybit has not yet been granted a regulatory license in Dubai. The world's second-largest crypto exchange is still working to meet the stringent licensing requirements necessary for securing a Virtual Asset Service Providers (VASP) operating permit in the emirate.
In September 2024, Bybit announced that it had received a provisional (non-operational) approval for virtual asset exchange services in Dubai. At the time, the company described this as a milestone toward securing full operational approval in the UAE.
Bybit Hack: Over 400,000 ETH Stolen
On Friday, Bybit reported a massive security breach, resulting in the loss of over 400,000 ETH (Ethereum), valued at approximately $1.5 billion. The incident has been described as one of the largest crypto exchange hacks in history.
How the Hack Happened
Cybersecurity and crypto experts explained that hackers gained access to Bybit’s cold wallet, which is typically offline to protect against cyberattacks.
According to Rayad Kamal Ayub, managing director of Rayad Group and a leading crypto assets investor, the attack was executed when the cold wallet transferred funds to the warm wallet (a semi-online storage solution).
"Unfortunately, the transaction was manipulated through a sophisticated attack that masked the signing interface, displaying the correct address while altering the underlying smart contract logic,” Ayub explained.
As a result, the hackers tricked Bybit’s security system into approving a malicious transaction, allowing them to transfer the funds to an unidentified address.
The Impact and Industry Reactions
- The stolen funds were initially sent to an address beginning with 0x476, before being moved using a ‘sweep ETH’ function to transfer all tokens into another contract.
- Bybit CEO Ben Zhou confirmed that this hack affected 70% of Bybit’s total Ethereum holdings.
- Bybit, which manages $20 billion in assets, has pledged to honor all customer withdrawals.
Largest Crypto Heist in History
This cyberattack doubles the size of the previous record-breaking hack:
- March 2022: Hackers stole $620 million in cryptocurrency from Axie Infinity’s Ronin Network. The FBI later linked the attack to North Korean groups Lazarus and BlueNorOff.
- August 2021: The Poly Network attack resulted in a $611 million theft, but the hackers surprisingly returned the funds within 48 hours.
- Other major crypto hacks:
- WazirX (India) – $235 million (July 2024)
- Radiant – $50 million (October 2024)
- DMM Bitcoin – $308 million (December 2024)
- Phemex (Singapore) – $70 million (January 2025)
Are North Korean Hackers Involved?
Reports suggest that North Korean state-sponsored hackers stole over $1.34 billion in cryptocurrency from 47 cyberattacks in 2024, setting a new record.
Can the Stolen Crypto Be Recovered?
To recover the stolen funds, Bybit has offered a bounty of up to $140 million to anyone who can help track down the stolen assets.
According to Justin Harper, co-founder of The Crypto Radio, the hack is likely to shake public confidence in crypto exchanges, especially since it involved a cold wallet, which is considered the safest way to store crypto.
"Trust is something the industry must rebuild, and Bybit now has to start from square one," Harper stated.
Despite the crisis, Harper praised Bybit CEO Ben Zhou’s transparent approach and commitment to ensuring customer withdrawals remain unaffected.
What Happens Next?
The big question remains: Is cryptocurrency still safe?
According to Irene Corpuz, a cybersecurity expert and founding partner of Women in Cybersecurity Middle East:
"Anything can be hacked if there's enough motivation. It's not a question of if, but when a hack will happen."
However, she stressed that transparency and security improvements are critical for restoring trust.
Rayad Kamal Ayub added that investors should diversify their crypto assets and take steps to minimize risks, such as:
- Using self-custody wallets to avoid exchange insolvencies.
- Researching crypto exchanges before making deposits.
- Being aware of scams and taking precautionary measures.
Final Takeaway
This record-breaking hack underscores the ongoing risks in the cryptocurrency industry. While Bybit has pledged to compensate users, the incident highlights the urgent need for stronger security protocols.
As the crypto sector continues to evolve, exchanges must prioritize investor trust through better regulations, cybersecurity advancements, and transparency measures.
