The news about Dubai-based cryptocurrency exchange Bybit losing, in one fell swoop, $1.5 billion (approximately Dh5.51 billion) worth of digital assets following a "sophisticated attack" by hackers, has once again raised the question of security and

Dubai's Virtual Assets Regulatory Authority (VARA) is "actively monitoring" the situation. In a statement shared with Khaleej Times on Saturday, the regulatory body said the hack remains a "highly evolving matter that we will continue to closely track until it stabilises".

Vara clarified that Bybit has not been granted a regulatory licence in Dubai.

The world's second-largest crypto exchange is currently working towards "fulfilling the stringent licensing requirements" to secure a Virtual Asset Service Providers (VASP) operating permit in the emirate.

The Dubai-headquartered exchange said in September last year that it was granted a provisional (non-operational) approval for virtual asset exchange services in Dubai for retail, qualified investors, and institutional users. This marked an "essential milestone" for the company to securing full operational approval in the emirate, it said.

The cryptocurrency exchange on Friday reported a loss of over 400,000 ETH — the second-largest cryptocurrency network by market value after Bitcoin. Key crypto players came together to support the company. This "unprecedented show of solidarity" could lead to stronger industry-wide measures to counter and prevent , Bybit said.

Khaleej Times also spoke to Dubai-based cybersecurity and crypto assets experts who shared their views on how the hacking was done and gave their insights on what’s next for the industry and the public.

Rayad Kamal Ayub, managing director of Rayad Group and leading investor/advisor on crypto assets, noted the largest hacking in crypto history happened after a group of hackers gained access to the so-called cold wallet in which Bybit stored its Ether and sent more than 401,000 Ether — worth about $1.5 billion at Friday’s prices — to an unidentified address.

Rayad Kamal Ayub

What was unnerving about the cybercrime was that it was the crypto wallet — a digital cryptocurrency storage not connected to the internet to protect it from theft — that was hacked, Ayub highlighted.

"The incident occurred when the ETH cold wallet executed a transfer to the Bybit warm wallet (wallet that offers a middle ground as it has varied online exposure based on the user’s needs as compared to hot wallet, which is completely connected to the internet). Unfortunately, this transaction was manipulated through a sophisticated attack that masked the signing interface, displaying the correct address while altering the underlying smart contract logic,” Ayub added.

As a result, the attackers were able to gain control of the affected ETH cold wallet and transfer its holdings to an unidentified address. The hackers tricked Bybit’s ETH cold wallet signers into approving a malicious transaction to gain control of the wallet. 

"The stolen funds were initially sent to an address beginning 0x476, which received more than 400,000 worth of ETH, then used the ‘sweep ETH function to transfer all available tokens from one contract to another, which likely explains why the transferred amounts are round numbers,” Ayub continued.

“ByBit CEO Ben Zhou said that accounted for about 70 per cent of Bybit’s Ether. The exchange has $20 billion in assets under management and has pledged to honor all customer withdrawals," Ayub added.

It was the biggest single attack — almost double than the previous record in March 2022, when Sky Mavis disclosed that attackers stole $620 million in cryptocurrency (173,600 Ethereum and $25.5 million USD Coin tokens) from Axie Infinity's Ronin network bridge. In April 2022, the FBI linked that incident to two North Korean hacking groups, Lazarus and BlueNorOff (aka APT38). One year earlier, in August 2021, a threat actor stole $611 million in Binance Chain, Ethereum, and Polygon assets from decentralised cross-chain protocol and network Poly Network.

WazirX from India was hacked for $235 million in July 2024; Radiant was hacked for $50 million in October 2024; and DMM Bitcoin was made $308 million lighter in December 2024. In January, hackers stole at least $70 million in crypto from Phemex, a crypto exchange based in Singapore.

Meanwhile, the US, Japan, and South Korea said in January that North Korean state-backed hacking groups stole more than $659 million worth of cryptocurrency last year. But blockchain analysis company Chainalysis said North Korean hackers actually stole $1.34 billion in cryptocurrency in 47 cyberattacks in 2024, breaking their previous record of $1.1 billion in 2022.

On Saturday, Bybit announced for anyone or any group who will help solve the crypto industry's largest heist.

Justin Harper, Dubai-based business editor and co-founder of The Crypto Radio, told Khaleej Times: “I think it will scare people with the sheer size of the amount taken. And the fact it was taken from a cold wallet — which is supposed to be one of the safest ways to store crypto — that will definitely scare people, especially at a time when the industry is facing a lot of negativities over scams and meme coins,” Harper added, underscoring: “Trust is definitely something the industry should build again.”

Justin Harper

“It’s sort of like back to square one for Bybit to try and build the trust again with investors. But, on the other hand, the Bybit CEO has been very transparent about this from the start. We have to praise Zhou for quickly reassuring clients that number one, their money is safe, and that they can withdraw any of their cryptocurrencies at any time. Bybit said they have reserves of around $20 billion,” Harper continued.

Harper said Bybit is on the right track in reassuring their customers and going after the cybercriminals. He added there was an instance in past where the hacked crypto was returned.

It was the Poly Network exploit conducted by anonymous hackers on August 10, 2021. The cyber attackers transferred more than $610 million in digital cryptocurrency, only to return nearly all the assets less than 48 hours later, the company said.

So, the question remains: Is it still safe to invest in cryptocurrency? Irene Corpuz, founding partner and board member of Women in Cybersecurity Middle East, put it plainly: “Anything can be hacked if there's a motivation from the hacker. It's not a matter of whether you will be hacked or not, it's a matter of ‘when you will be hacked’.”

Corpuz stressed: “What is more important is transparency, as what the CEO of Bybit did; that was very important to maintain trust from the customers and investors. Because not only private information was compromised, but also money.”

Irene Corpuz

Ayub also pointed out: “Cryptocurrency provides an alternative to traditional fiat currencies like the US dollar. While the dollar is holding strong relative to many other currencies, inflationary pressures have reduced buying power dramatically in recent years.

"Many types of cryptocurrencies are safer than some national currencies. However, price versus inflation aside, we also must consider the safety of cryptocurrency itself. A core group of blue-chip cryptocurrencies is considered to be safer than others. These include top assets like Bitcoin and Ethereum that have proven security and enjoy a robust worldwide market,” he added.

Ayub also noted many cryptocurrencies can be extremely volatile, changing fast between 50 and 60 per cent.

“Investors, however, often buy crypto assets as part of diversified investment portfolios, giving them gains without concentrating price risk on one type of asset. Investing in any crypto asset can be much safer with proper diversification and a solid education on how to avoid crypto pitfalls,” he added.

Ayub’s advice is to consider using a self-custody crypto wallet to reduce risks associated with exchange insolvencies or paused withdrawals.

“Also, choose your exchange carefully, researching the reputation and staying power of the exchange before you make a deposit. Lastly, beware of crypto scams. The anonymity of the crypto world invites bad actors, so be discerning and learn to recognise potential scams to avoid becoming a statistic,” he added.

“All investments come with risks, including crypto. However, investing in crypto can be much safer with a proper understanding of the risks and a disciplined approach to your crypto portfolio.”