Cryptocurrency exchange Bybit secured regulatory approval in the United Arab Emirates just three days before falling victim to one of the largest crypto hacks in history.
The world’s second-largest crypto exchange by trading volume received in-principle approval from the UAE’s Securities and Commodities Authority on February 18, then lost $1.4 billion in digital assets on February 21 when hackers compromised a wallet transfer operation.
The timing creates a stark contrast between Bybit’s regulatory advancement and security vulnerabilities, raising questions about risk management in the rapidly expanding exchange. Despite the massive theft, Bybit continues pursuing global expansion while asserting that customer funds remain unaffected by the breach, which primarily impacted Ethereum-related tokens.
Hack Compromised Cold Wallet Transfer
Bybit co-founder and CEO Ben Zhou confirmed that attackers exploited a transfer between the exchange’s cold storage and warm wallet systems. “A transfer was made from the exchange’s multisignature wallet to a warm wallet approximately one hour prior,” Zhou stated following the incident.
The attackers deployed malicious code designed to alter the smart contract logic of the wallet during what appeared to be a legitimate transaction. Blockchain security analyst ZachXBT first identified the breach, which primarily drained liquid-staked Ether, Mantle Staked ETH, and other ERC-20 tokens.
Ethereum’s price dropped over 3% following confirmation of the hack as market participants reacted to what Zhou characterized as an attack that could be attributed to the Lazarus Group, though no definitive attribution has been established.
“Bybit is solvent even if this hack loss is not recovered, all of the client’s assets are 1 to 1 backed — we can cover the loss,” Zhou stated in a social media post, attempting to reassure the exchange’s reported 60 million users worldwide.
Global Expansion Amid Regulatory Hurdles
The UAE approval represents a significant milestone in Bybit’s regulatory strategy. “This approval marks a crucial step in our journey to providing secure and transparent crypto trading solutions,” Zhou said in the company’s announcement, made public the same day as the hack disclosure.
Founded in 2018, Bybit has aggressively pursued global expansion despite regulatory challenges in multiple jurisdictions. On February 25, the exchange announced its return to the Indian market after paying a $1 million penalty issued by India’s Financial Intelligence Unit for previously operating without mandatory registration.
The exchange temporarily adjusted operations in the European Economic Area in late 2024 to comply with Europe’s Markets in Crypto-Assets regulations. “Bybit has made the difficult but necessary decision to temporarily adjust the availability of its products and services within the EEA,” the company stated, noting efforts to obtain a license in Austria.
Malaysian regulators ordered Bybit to cease operations in December 2024, accusing the exchange of operating an unregistered digital asset platform. Despite these challenges, Bybit continues to secure regulatory approvals in other regions, including Georgia, Kazakhstan, and Turkey.
The hack occurred amid heightened security concerns throughout the cryptocurrency sector. Several high-profile breaches have hit the industry in February 2025 alone, including a $9.5 million exploit of the ZkLend protocol and social media compromises affecting Jupiter exchange and former Malaysian Prime Minister Mahathir Mohamad.
