Bybit is a centralized cryptocurrency exchange platform, legally known as Bybit Fintech FZE, that was established in March 2018. [1] As a centralized exchange, Bybit acts as a trusted intermediary, holding custody of users' assets to facilitate trading, in contrast to decentralized platforms where users retain direct control of their private keys. Founded by Ben Zhou, who also serves as its CEO, the company is headquartered in Dubai, United Arab Emirates. The relocation from its original base in Singapore in 2022 was a strategic move to capitalize on Dubai's emerging status as a global crypto-friendly hub with a progressive regulatory framework. [3] The platform provides a comprehensive suite of financial services, including advanced cryptocurrency trading and a gateway to Web3 solutions, to a global user base. [1] [2] Due to the complex and evolving nature of digital asset regulation, the exchange does not offer services or products in the United States and has faced regulatory scrutiny in several other jurisdictions. [2] As of November 2025, the platform reported a registered user base of over 79.1 million worldwide, making it one of the largest cryptocurrency exchanges by user count. [1]
In February 2025, the exchange's reputation for security was severely challenged when it was targeted by one of the largest cryptocurrency heists in history. The event, which involved a highly sophisticated attack methodology, had significant repercussions for the company, its users, and the wider perception of security in the centralized crypto market. [2]
Bybit was founded in March 2018 by its current CEO, Ben Zhou, a professional with a background in the traditional finance and forex brokerage industry. [1] The exchange was launched in the period following the 2017 crypto bull run, a time of immense retail and institutional interest in digital assets. From its inception, Bybit distinguished itself by focusing on the derivatives market, particularly perpetual contracts, which allowed traders to speculate on cryptocurrency price movements with high leverage. This focus on professional-grade trading tools and a robust matching engine enabled the platform to capture a significant share of the derivatives market.
In 2022, the company made a pivotal decision to relocate its global headquarters from Singapore to Dubai, United Arab Emirates. [3] This move was part of a broader trend of crypto companies seeking jurisdictions with clear regulatory frameworks. By establishing its headquarters in Dubai, Bybit aligned itself with the city's ambition to become a leading international hub for virtual assets, operating under the oversight of the newly formed Virtual Assets Regulatory Authority (VARA).
Bybit offers a comprehensive suite of crypto services and product solutions designed to cater to a wide spectrum of users, from beginners to seasoned institutional traders. The platform has a significant mobile presence, with its application on the Google Play store accumulating over 10 million downloads. [3]
The core of Bybit's offerings is its powerful trading engine, which supports a wide array of options. These include standard Spot Trading for buying and selling assets at market price, Margin Trading for trading with borrowed funds, and a sophisticated Derivatives Trading platform for Perpetuals, Futures, and Options. To serve more advanced trading needs, the exchange offers features such as Leveraged Tokens, which provide leveraged exposure to a crypto asset without the complexities of managing a margin position; Pre-Market Trading for accessing tokens before their official listing; Copy Trading, which allows users to automatically replicate the trades of experienced investors; Spot X for executing large block trades with minimal price slippage; and Spread Trading for capitalizing on price differences between different contracts. [1] [3]
To support its trading services, Bybit provides an ecosystem of analytical and automated tools. The platform features automated Trading Bots that can execute strategies 24/7 based on preset parameters, removing the need for manual intervention. It also offers an AI-powered assistant called TradeGPT, which provides market analysis, data, and answers to trading-related questions. For options traders, a Position Builder tool helps construct and analyze complex strategies. The platform also integrates with popular third-party charting software like TradingView and the professional trading terminal MetaTrader 5 (MT5). To help users learn without financial risk, Bybit provides a Demo Trading environment. For deeper market insights, an on-chain data analytics tool called Alpha gives users access to blockchain-level data. [1]
Through its "Bybit Earn" suite, the platform offers users various ways to generate passive income, or yield, on their crypto holdings. Popular products include Bybit Savings, which functions like a crypto savings account, and Liquidity Mining, where users contribute funds to liquidity pools to earn fees. Other financial services include Crypto Loans, which allow users to borrow against their crypto assets; an over-the-counter (OTC) desk for facilitating large-volume trades privately; Bybit Pay for merchants and users; and Margin Staked SOL. A key product is the Bybit Card, a crypto-backed Mastercard or Visa debit card that allows users to spend their cryptocurrency holdings at merchants worldwide, bridging the gap between digital assets and traditional finance. It offers rewards such as up to 10% cashback. [1]
Beyond its centralized services, Bybit has developed a Web3 ecosystem to provide users with access to the decentralized internet. This includes a self-custody wallet, which gives users full control over their private keys and assets, contrasting with the custodial nature of the main exchange. The ecosystem also features Launchpad, a token launch platform that gives investors early access to promising new crypto projects. Through its Web3 portal, users can interact with the broader world of decentralized finance (DeFi), explore decentralized applications (dApps), and trade on an integrated NFT Marketplace. The platform maintains a strategic partnership with the Mantle (MNT) ecosystem, a high-performance Ethereum layer-2 network. [1] [3]
Bybit’s security framework is built on a multi-layered system designed to protect user assets. Its core strategy involves segregating funds between "cold wallets" and "hot wallets." Cold wallets are high-security, offline storage systems where the majority of customer funds are kept to protect them from online threats. Hot wallets are connected to the internet and hold a smaller portion of assets to facilitate the liquidity needed for daily withdrawals and trading. To authorize transactions, particularly large movements of funds from cold storage, the exchange employed a multi-signature (multisig) process. This protocol requires electronic sign-offs from multiple authorized individuals, including high-level executives like CEO Ben Zhou, to prevent any single person from being a point of failure. For managing its transaction and multisig processes, Bybit used a third-party software platform called Safe (formerly Gnosis Safe), a widely used solution for digital asset management. [2]
On February 21, 2025, Bybit's security was compromised during what appeared to be a routine transfer of funds between its hot and cold wallets. The attackers, later identified by authorities and cybersecurity firms as the North Korean state-sponsored Lazarus Group, exploited a zero-day vulnerability in the user interface (UI) source code of the Safe software. The attack was a sophisticated blend of a technical exploit and social engineering. Blockchain analytics firms Arkham Intelligence and Elliptic were instrumental in tracing the stolen funds and attributing the hack to the Lazarus Group. [2]
The hackers embedded malicious code into the software's frontend interface. When Bybit personnel initiated a legitimate, large-scale transaction, this code intercepted the request. It then altered how the transaction details were displayed on the screen, making the malicious transaction, which redirected funds to wallets controlled by the attackers, appear identical to the intended, legitimate one. Unaware of the manipulation, the required signatories approved the transaction, thereby bypassing the multisig protocol's defenses. An alternative account that emerged in the initial aftermath suggested the attack stemmed from a private key leak in the exchange's hot wallet system, though subsequent analysis pointed toward the UI exploit. [The 10 Biggest Crypto Hacks In History: https://crystalintelligence.com/investigations/the-10-biggest-crypto-hacks-in-history/]
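The failure described above is that every signatory relied on the same display, so the multisig threshold added no independent check. The following added example (not code from Bybit or Safe) models a signer-side control that compares the raw payload against the intended transfer before approving. It assumes a SHA-256 digest as a stand-in for the wallet's real transaction hash, and all addresses, signer names and function names are constructed placeholders.

```python
import hashlib
import json

# Constructed placeholder, not a real address: the organisation's known cold wallet.
COLD_WALLET_ALLOWLIST = {"0xCOLD_WALLET_PLACEHOLDER"}

def digest(tx):
    """SHA-256 over a canonical encoding (stand-in for the wallet's real transaction hash)."""
    canonical = json.dumps(tx, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()

def signer_check(intended, raw_payload):
    """Reasons to refuse signing, computed from the raw payload and never from the UI text."""
    problems = []
    if raw_payload.get("to") not in COLD_WALLET_ALLOWLIST:
        problems.append("destination not in allowlist")
    if digest(raw_payload) != digest(intended):
        changed = sorted(k for k in set(intended) | set(raw_payload)
                         if intended.get(k) != raw_payload.get(k))
        problems.append("payload differs from intent: " + ", ".join(changed))
    return problems

def collect_approvals(intended, raw_payload, signers, threshold, verify):
    """M-of-N approval; verify=False models signers who trust what the shared UI displays."""
    approvals = [s for s in signers
                 if not (verify and signer_check(intended, raw_payload))]
    return len(approvals) >= threshold, approvals

# Constructed sample data: what the operators meant to send, and what the
# signing request actually contained while the screen still showed INTENDED.
INTENDED = {"to": "0xCOLD_WALLET_PLACEHOLDER", "value": 1000, "data": "0x"}
PAYLOAD = {"to": "0xUNKNOWN_PLACEHOLDER", "value": 1000, "data": "0x"}
SIGNERS = ["signer-a", "signer-b", "signer-c"]

if __name__ == "__main__":
    print(collect_approvals(INTENDED, PAYLOAD, SIGNERS, 2, verify=False))
    print(collect_approvals(INTENDED, PAYLOAD, SIGNERS, 2, verify=True))
    print(signer_check(INTENDED, PAYLOAD))
```

The check only helps if each signer obtains the intended values and runs the comparison on a path that does not share the interface that built the signing request.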
A report cited in a later analysis noted a critical operational oversight: Bybit had allegedly continued to use the Safe software despite prior internal knowledge that it was not fully compatible with another one of the exchange's security services. This suggested a potential failure in the company's third-party risk assessment protocols, highlighting the systemic risks associated with relying on external software for core security functions. [2]
On February 21, 2025, Bybit fell victim to a catastrophic security breach, resulting in the loss of approximately 400,000 Ethereum (ETH) tokens. At the time of the theft, this cache was valued at $1.5 billion, making it the largest cryptocurrency heist from an exchange in history and a major blow to the industry's credibility. [2] [The 10 Biggest Crypto Hacks In History: https://crystalintelligence.com/investigations/the-10-biggest-crypto-hacks-in-history/]
On February 26, 2025, the U.S. Federal Bureau of Investigation (FBI) formally attributed the attack to the Lazarus Group, a state-sponsored hacking organization linked to North Korea, also known by the designation "TraderTraitor actors." The FBI filed formal charges against North Korean hackers for the theft, framing it as part of a state-led campaign to acquire foreign currency through illicit cyber activities. [2] [The 10 Biggest Crypto Hacks In History: https://crystalintelligence.com/investigations/the-10-biggest-crypto-hacks-in-history/]
Following the theft, on-chain investigators tracked the stolen funds as they were moved through a complex web of transactions designed to obscure their origin. The funds were laundered through decentralized exchanges and anonymous trading platforms like eXch and THORChain, which allow for cross-chain swaps without Know Your Customer (KYC) requirements. [2] The hack sent shockwaves through the market, contributing to a sharp decline in investor confidence. The price of Bitcoin fell 20% from its January 2025 all-time high of $109,071 in the weeks following the event, as fear spread about the security of other centralized platforms. [2]
In the aftermath, CEO Ben Zhou publicly acknowledged the attack and assured users that the company was financially stable and would cover all losses. To aid in the recovery effort, the company launched a public bounty program, branded as the "Lazarus hunt," offering a substantial reward for information leading to the recovery of the stolen funds or the arrest of the perpetrators. This leveraged the global crypto community's expertise in blockchain tracing. [4]