In February 2025, cryptocurrency exchange Bybit suffered a $1.4 billion hack that exposed structural weaknesses in custody systems long considered industry standards, such as cold storage and multi-signature wallets.
At the time, this exploit was the largest known hack in cryptocurrency history, although this distinction was later eclipsed by revelations that Chinese mining group LuBian lost $3.5 billion in 2020.
“[Bybit] hack showed that refrigerated labels and multisig don’t matter if you can manipulate approval flow, transaction visibility, or the signer environment,” said Ishai Shoham, head of product at crypto infrastructure firm Utila. “After Bybit, the custody architecture became a first-order risk topic rather than a back-end detail.”
The incident also prompted the Financial Action Task Force (FATF) to urge global regulators to address the illicit financial risks associated with cryptocurrencies, while exchanges tightened transaction approval processes and raised standards for detecting and dealing with violations.
What is FATF and why does it matter?
The FATF is an intergovernmental body that sets standards on money laundering and terrorist financing. Its recommendations are not legally binding, but its members are expected to follow its standards. For non-members who do not meet the requirements, being placed on the FATF gray list could limit access to assistance and harm banking relationships.
In June 2025, an FATF report cited the Bybit hack, considered the largest cryptocurrency theft in history. It warned that cross-chain activity, stablecoins and uneven enforcement around the world are increasing the risk of illicit finance faster than existing controls can contain it.

“The case highlights persistent gaps in travel regulations and enforcement. Once funds are moved to DeFi, preventing overlaps and money laundering becomes difficult, especially as automation tools make these processes faster and easier,” Joshua Chu, an asset recovery lawyer and co-chair of the Hong Kong Web3 Association, told Cointelegraph.
The FATF called on jurisdictions to accelerate licensing, supervision and international coordination, presenting the incident as evidence that weaknesses in custody and transaction supervision now pose systemic risks to the global financial system. Like the U.S. Federal Bureau of Investigation and countless security experts, the FATF attributed the exploit to North Korea-linked hackers.

“If you asked who was the most influential person in cryptography in 2025, I would answer Kim Jong Un. Despite the political attention devoted to legislation and the adjustment of cryptographic standards, the Bybit hack dominated the FATF report.”
Around the same time, Singapore tightened its licensing regime, ordering unlicensed crypto companies to obtain permits or leave the market. While Singapore was making headlines, regulators in countries such as Thailand and the Philippines were conducting similar enforcement campaigns.
Assumptions about safe storage and laundering are breaking down
After the Bybit hack, the industry’s understanding of both custody security and the illicit flow of funds changed.
Shoham said the breach made it clear that the main weaknesses were no longer cryptographic in nature.
“Once funds leave the compromised wallet, attackers can atomize and recompose value on chains faster than human response cycles,” he said.
“This shift has shifted the industry’s perspective from seeing mixers as the primary threat to recognizing that decentralized routing infrastructure itself enables large-scale automated theft.”
The Bybit hack has reignited a long-running debate about cross-chain infrastructure and the responsibilities of decentralized protocols. As stolen funds moved between networks, attention returned to routing networks such as THORChain and eXch, which attackers used to swap assets without relying on centralized intermediaries.
Proponents of decentralized models have argued that such protocols constitute neutral infrastructure, designed to operate without discretion or access control. Critics have countered that their architecture makes them uniquely attractive for laundering large amounts of stolen assets, especially when combined with automation and fragmented liquidity across chains.
Some swap services, such as eXch, shut down shortly after the hack.
Bybit sets new standards for crisis response
The Bybit hack resulted in a broader shift in the industry’s approach to both custody and compliance. As cross-chain traffic accelerates and static controls become insufficient, exchanges and infrastructure providers are increasingly expected to apply controls at the level of transaction behavior rather than relying solely on address-based restrictions.
For Bybit, the $1.4 billion breach could have marked the beginning of a long slump. Given the size of the exchange, initial concerns centered on the potential for an FTX-like domino effect that could trigger another industry-wide downturn as markets recover.
Instead, the exchange’s response set a different precedent. CEO Ben Zhou remained publicly visible throughout the event, livestreaming to update users on recovery efforts. Instead of withholding withdrawals, which is a common reflex during crises, Bybit kept them open and sourced Ether from partner exchanges to meet immediate customer demand.
Since then, this approach has influenced the way other platforms prepare for and respond to major breaches.
Withdrawal holds are no longer the default response, and real-time communication has become a fundamental expectation. Despite the scale of the hack, Bybit remains one of the largest exchanges in the world and often ranks as the second largest platform in terms of daily trading volume.
