Bybit Cryptocurrency Exchange Hack via Safe{Wallet} Supply Chain
Incident Details
On February 21, 2025, Bybit, a Dubai-based cryptocurrency exchange, suffered the largest cryptocurrency theft ever recorded: $1.46 billion in Ethereum stolen from a cold wallet. North Korea’s Lazarus Group (TraderTraitor / Jade Sleet / Slow Pisces / UNC4899) compromised a Safe{Wallet} developer’s workstation via social engineering and stole AWS session tokens, which let the attackers bypass MFA and gain access to Safe{Wallet}’s AWS infrastructure. The attackers then injected malicious JavaScript into the Safe{Wallet} UI, which manipulated transaction destination addresses when Bybit employees initiated transfers. After the theft, 86.29% of the stolen ETH was laundered via crypto mixers. The FBI attributed the attack to TraderTraitor. This was a classic software supply chain attack via a trusted third-party signing interface. Customer PII (names, emails, phone numbers) was also exposed. Bybit's CEO confirmed the attack publicly within hours.
Technical Details
- Initial Attack Vector: Social engineering against a Safe{Wallet} developer; AWS session token theft to compromise Safe{Wallet} infrastructure; malicious JavaScript injected into transaction signing UI
- Vendor / Product: Safe{Wallet} (multi-sig wallet UI)
- Supply Chain Attack: Confirmed third-party / vendor compromise
Timeline
- 2025-02-21 Breach occurred
- 2025-02-21 Publicly disclosed
- 2025-02-21 Customers notified