No other industry would tolerate such glaring cybersecurity failures. Yet in crypto, where billions of dollars in customer funds are at stake, inadequate protections remain the norm. The recent $1.5 billion Bybit hack—executed through a shockingly preventable security lapse—should serve as a final warning that the industry’s lax approach to safeguarding assets is not just unsustainable, but indefensible.
On February 21, Ben Zhou, CEO of Bybit, unknowingly facilitated one of the largest thefts in crypto history. He approved what seemed to be a routine transfer, only to realize minutes later that North Korean hackers had seized control of Bybit’s system, draining $1.5 billion in Ether. The culprit? A reliance on an inadequate and widely available security tool, Safe, which had been flagged internally as a potential risk months before the breach.
Had a financial institution or major corporation been breached in such an amateurish manner—due to unvetted, open-source software—the repercussions would have been swift and severe. Regulatory bodies would have intervened, executives would have resigned, and massive fines would have been imposed. Yet in crypto, even after billions vanish, operations continue as usual, with few consequences beyond shaken investor confidence and a temporary market dip.
Crypto exchanges have long positioned themselves as financial institutions of the future, yet they refuse to adopt even the most basic security standards expected in traditional finance. No major bank or payment processor would store billions without robust, redundant security measures, let alone trust third-party software designed for casual use. Bybit’s failure to upgrade its security, despite recognizing flaws in its system months in advance, is a glaring example of the industry’s reckless negligence.
Predictably, the Bybit hack triggered panic, with Bitcoin plunging 20%—its worst drop since the 2022 FTX collapse. Customers rushed to withdraw funds, and Bybit was left scrambling to cover the losses, borrowing from competitors and dipping into reserves. Meanwhile, Zhou’s casual social media posts about his stress levels added to the absurdity of the situation. Would a banking CEO joke about losing $1.5 billion?
The crypto industry cannot afford to operate with such disregard for security. The Bybit debacle is just the latest reminder that until exchanges adopt real-world financial safeguards, the sector will remain a playground for hackers rather than a legitimate financial system. The time for casual security measures is over. If crypto truly wants mainstream adoption, it must start acting like a serious industry—not a perpetual experiment in negligence.