Bybit’s $1.5B February 2025 exploit exposed custody flaws, linked to North Korean actors, and spurred exchange/regulatory reforms
first published 2025-12-31T13:00:00Z
In February 2025 Bybit suffered a $1.4 billion exploit that revealed weaknesses in custody models (cold storage, multisig) and showed how approval flows and signer environments can be manipulated to move funds across chains rapidly. The Financial Action Task Force cited the breach in June 2025, linked it to the North Korea-linked Lazarus Group, urged tighter licensing and international coordination, and warned that crosschain activity and stablecoins amplify illicit finance risks. The attack prompted changes across exchanges and regulators (notably Singapore), shifted focus to transaction-behavior governance and crosschain routing risks, and set a new precedent for crisis response after Bybit kept withdrawals open and used real-time communications during recovery.
AI Analysis
The story documents a $1.4B exploit that exposed fundamental custody weaknesses and crosschain fund movement, was cited by the FATF and linked to the Lazarus Group, and directly prompted exchange and regulatory changes — facts that undermine custody trust (bearish) and have material short-to-medium market implications (moderate impact).
Expected Investor Sentiment: Bearish
Potential Market Impact: Significant