On February 21, 2025, Bybit lost approximately $1.5 billion in ETH from its Ethereum cold wallet. It was the largest single theft in digital asset history.

What makes this case instructive for enterprise custody teams: Bybit was using what most consider best-practice security. A 

 multisignature wallet requiring three approvals, with each signer using a Ledger hardware wallet. The entire drain executed in under 15 minutes.

The attack did not break cryptography or steal private keys; it manipulated what the signers believed they were authorizing. The cryptographic layer was intact, but the human trust layer was compromised.

security

> On February 21, 2025, Bybit lost approximately $1.5 billion in ETH from its Ethereum cold wallet. It was the largest single theft in digital asset history.
>
> What makes this case instructive for enterprise custody teams: Bybit was using what most consider best-practice security. A [<ins>Safe (formerly Gnosis Safe)</ins>](https://safe.global/?ref=blog.blockstream.com) multisignature wallet requiring three approvals, with each signer using a Ledger hardware wallet. The entire drain executed in under 15 minutes.
>
> The attack did not break cryptography or steal private keys; it manipulated what the signers believed they were authorizing. The cryptographic layer was intact, but the human trust layer was compromised.
>
> [**...read more at blockstream.com**](https://blog.blockstream.com/what-the-bybit-exploit-reveals-about-enterprise-custody/)