Bybit Review 2026: The $1.5 Billion Hack, the Recovery, and Whether to Trust It Again

By Priya Ranjith

On February 21, 2025, North Korea’s Lazarus Group stole $1.5 billion in Ethereum from Bybit. It remains the largest cryptocurrency theft in history. No customers lost funds. Bybit processed all withdrawals and maintained operations throughout. Whether that response is enough to restore confidence is a question every serious user of this platform needs to answer for themselves.

This review does not look away from the hack. It explains exactly what happened, what Bybit did in response, and gives you the information needed to decide whether the platform’s strengths outweigh the security concerns that remain.

The Verdict First

Bybit is the right exchange for active derivatives traders outside the US and UK who prioritize the lowest possible perpetual futures fees, deep liquidity, and advanced copy trading tools. It is not available in the US or UK. The 2025 hack is a serious event that demands honest evaluation. The response was strong; the structural vulnerability that enabled the attack is the real question.

The Hack: What Actually Happened

The Bybit hack was not a failure of Bybit’s exchange infrastructure. It was a supply chain attack. Lazarus Group compromised a developer’s machine at Safe, the third-party wallet infrastructure provider Bybit used to manage its cold wallet. The attackers injected malicious JavaScript into Safe’s frontend interface, disguising a malicious transaction as a routine internal transfer. Bybit’s signers approved what appeared to be a legitimate operation. The transaction drained the cold wallet.

The FBI confirmed North Korean attribution. The FBI also confirmed that the Lazarus Group has attacked multiple exchanges with similar supply chain methods, targeting third-party tooling rather than exchange systems directly.

Bybit processed all withdrawals in the immediate aftermath, covered the losses from reserves, launched a 10% recovery bounty program, and partnered with Chainalysis to trace the stolen funds. Some assets were subsequently converted to Bitcoin and dispersed across thousands of addresses to slow tracing.

The structural issue the hack revealed: multi-signature cold wallet arrangements can be defeated if the signing interface itself is compromised. This is an industry-wide problem, not specific to Bybit, but Bybit was the one that paid $1.5 billion to demonstrate it.
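
The structural issue above can be turned into a check that runs outside the signing interface: compare the payload that actually reaches the signing device with the transfer the signer intended, recorded out of band. This is an added example, not code from Bybit, Safe or the original article; `SafeTx`, `Intent`, `review_payload` and the allowlist are hypothetical names, the field names follow Safe's transaction struct, and the addresses are constructed. The calldata and operation checks generalise beyond what the article describes.

```python
from dataclasses import dataclass

CALL, DELEGATECALL = 0, 1  # Safe's Enum.Operation values

@dataclass(frozen=True)
class SafeTx:
    """Fields of the payload that actually reaches the signing device."""
    to: str
    value: int       # wei
    data: bytes      # calldata; empty for a plain ETH transfer
    operation: int   # CALL or DELEGATECALL
    nonce: int

@dataclass(frozen=True)
class Intent:
    """What the signer believes they are approving, recorded out of band."""
    to: str
    value: int
    nonce: int

def review_payload(intent, tx, allowlist):
    """Return reasons to refuse signing; an empty list means the payload matches."""
    known = {a.lower() for a in allowlist}
    findings = []
    if tx.to.lower() != intent.to.lower():
        findings.append("destination differs from the intended one")
    if tx.to.lower() not in known:
        findings.append("destination is not on the allowlist")
    if tx.value != intent.value:
        findings.append("value differs from the intended amount")
    if tx.data:
        findings.append("routine transfer expected, but payload carries calldata")
    if tx.operation != CALL:
        findings.append("operation is not a plain CALL")
    if tx.nonce != intent.nonce:
        findings.append("nonce differs from the intended one")
    return findings

# Constructed sample values, not real addresses or transactions.
WARM = "0x" + "aa" * 20
OTHER = "0x" + "bb" * 20
intent = Intent(to=WARM, value=10**18, nonce=7)
honest = SafeTx(WARM, 10**18, b"", CALL, 7)
tampered = SafeTx(OTHER, 0, b"\x01\x02\x03\x04", DELEGATECALL, 7)

if __name__ == "__main__":
    print(review_payload(intent, honest, [WARM]))
    for reason in review_payload(intent, tampered, [WARM]):
        print("REFUSE:", reason)
```

The check only adds assurance when it runs on a machine that does not load the wallet frontend and reads the payload from the signing device's own input, since a compromised interface controls everything it displays.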

Fees: The Strongest Case for Bybit

Bybit’s perpetual futures fees are 0.02% maker and 0.055% taker. These are among the lowest in the industry for derivatives. Spot fees are 0.1% maker and 0.1% taker, matching Binance’s standard rate. There are no direct fiat on-ramps; users must deposit crypto or use third-party card or P2P services, which adds friction for first-time buyers but is standard for derivatives-focused platforms.

Product Strengths

Bybit supports perpetual contracts and quarterly futures up to 100x leverage across 515 assets. Its matching engine handles approximately 100,000 transactions per second. Copy trading allows users to mirror professional trader strategies with automatic position replication. Trading bot automation is built into the platform without requiring third-party integrations. Bybit Earn provides flexible and fixed savings products.

Availability and Restrictions

Bybit is not available in the US, UK, Canada, Singapore, China, Hong Kong, or France, among other jurisdictions. If you are in any of these regions, this review is not relevant to you. Bybit is primarily available to users in Asia (excluding the restricted markets) and parts of Europe, Latin America, and the Middle East.

Who Should Use Bybit

Right for you if: You are outside the US and UK. You trade derivatives frequently and the fee difference between 0.02% and 0.055% compounds meaningfully at your volume. You use copy trading. You are a crypto-native user comfortable without fiat on-ramps.

Wrong for you if: You are in the US or UK. The 2025 hack leaves you unwilling to keep significant balances on the platform. You need fiat deposit access. You require SOC 2 Type II certification for institutional or compliance purposes.

Bottom Line

Bybit’s response to the largest crypto hack in history was operationally impressive. No customers lost money. The platform kept running. The hack itself revealed a third-party interface vulnerability that any exchange using similar wallet infrastructure could have faced. If you trade derivatives outside the US and UK, Bybit’s fee structure is genuinely competitive. Keep only what you need for active trading on any exchange, Bybit included, and move long-term holdings to cold storage you control.

Priya Ranjith is a digital finance journalist and certified content strategist at The Central Bulletin. She covers cryptocurrency investment trends, exchange developments, and the financial literacy gap in retail crypto adoption. Priya combines rigorous research with accessible writing to help readers understand complex market dynamics without a finance degree. She has contributed to multiple financial publications and brings editorial discipline to every piece she writes.