The February 2025 hack at cryptocurrency exchange Bybit exposed structural weaknesses in custody systems long considered industry standards, such as cold storage and multisignature wallets. Ishai Shoham, head of product at crypto infrastructure company Utila, said, “The Bybit hack showed that cold storage and multisig labels are meaningless if the approval flow, transaction visibility, or signer environment can be manipulated.” “After Bybit, custody architecture became a first-order risk topic, not a back-office detail.” The incident prompted the Financial Action Task Force (FATF) to urge global regulators to address illicit finance risks in cryptocurrencies, while exchanges tightened transaction approval processes and raised the standard for how breaches are detected and handled.
In a June 2025 report, the FATF cited the Bybit hack as the largest crypto theft ever. It warned that crosschain activity, stablecoins and uneven global enforcement were amplifying illicit finance risks faster than existing controls could contain them. “The case highlights persistent gaps in the Travel Rule and in enforcement. Once funds move into DeFi, it becomes difficult to prevent layering and money laundering, particularly as automation tools make these processes faster and easier,” Joshua Chu, asset recovery lawyer and co-chair of the Hong Kong Web3 Association, told Cointelegraph. Around the same time, Singapore tightened its licensing regime, ordering unlicensed crypto firms to either obtain permits or leave the market.
Custody security and laundering assumptions break down. The industry’s understanding of both custody security and illicit fund movement shifted following the Bybit hack. “Once funds leave a compromised wallet, attackers can atomize and recompose value across chains faster than human response cycles,” he said. This shift changed the industry’s perspective from treating mixers as the primary threat to recognizing that decentralized routing infrastructure itself enables large-scale, automated theft.
The Bybit hack also reignited a long-running debate over crosschain infrastructure and the responsibilities of decentralized protocols. As stolen funds moved across chains, attention once again turned to routing networks such as THORChain and eXch, which have been used by attackers to swap assets without relying on centralized intermediaries. Some swappers like eXch ended up shutting down not long after the hack. Bybit sets new standards for crisis response.
Leave a Reply