February 28, 2025
Greg Cipolaro

Research Weekly - Bybit Hack Rattles Markets

IN TODAY'S ISSUE:

  • Bybit hack puts two industry practices in the spotlight.
  • As bitcoin corrects, we look at what market data says about the sell-off.

Bybit Hack Shakes Industry

Over the past week, the crypto industry has been shaken by the high-profile theft from the Dubai-based crypto exchange Bybit. According to CoinMarketCap, Bybit is ranked second in terms of spot exchanges (out of 426) and third in derivatives exchanges (out of 510). The $1.45 billion hack, attributed to North Korea’s Lazarus Group, is the single largest theft in human history in nominal dollars and second only to the $920 million theft from Iraq’s Central Bank in 2003 in terms of present-day dollars.

Bybit’s Safe Wallet Compromised

Details about the hack, including tracing the stolen funds, emerged nearly in real-time. However, it wasn’t until midweek that detailed analysis of the hack was reported by Bybit and its Ethereum wallet provider, Safe (fka Gnosis Safe). Investors might remember Gnosis for its 2017 initial coin offering (ICO) which raised $12.5M in just 10 minutes at an initial valuation of over $300 million, a big number for the industry at the time. While Gnosis’s original idea of prediction markets never really took off, what did was its multi-signature smart contract wallet which was used to secure the ICO’s assets. It quickly became an industry favorite and today secures over $100 billion in assets.

Summary of the Hack

The detailed analysis and statements (here and here) reveal important details on the hack, with a full report still expected from Safe. The hack is a highly sophisticated attack pulled off by a nation state—our summary of the events is:

  • Malicious smart contracts are deployed on the Ethereum blockchain
  • Hacker obtains access to Safe Wallet’s AWS S3 cloud storage, likely through compromised credentials via a social engineering attack
  • Hacker places malicious JavaScript code on app.safe.global, the wallet’s resource and signature management website
  • The malicious code’s objective is to manipulate transactions during the signing process, explicitly targeting Bybit’s contract address
  • Bybit executives sign a malicious transaction that redirects control to the hacker’s malicious smart contracts
  • Malicious smart contracts drain wallet to an attacker-controlled address
  • JavaScript injected into AWS S3 is automatically erased 2 minutes after the hack to prevent detection
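Because the injected script was later erased from storage, inspecting the bucket after the fact shows nothing. The following is an added example, not code from Safe, Bybit or this report: a monitor that compares scripts served by a site against a release manifest of Subresource Integrity values and keeps a record of every interval in which they differed, even after the content is restored. The asset path, script bodies, manifest and timestamps are constructed for illustration.

```python
import base64
import hashlib

def sri(body: bytes) -> str:
    """Subresource Integrity value (sha384, base64) for one asset body."""
    return "sha384-" + base64.b64encode(hashlib.sha384(body).digest()).decode()

# Constructed sample bodies: a released script and a modified copy of it.
GOOD_JS = b"console.log('release 1.0');\n"
BAD_JS = b"console.log('release 1.0'); /* modified after release */\n"

# Assumption: the manifest is produced at build time and stored outside the web bucket.
MANIFEST = {"/static/app.js": sri(GOOD_JS)}

# Constructed monitor observations: (UTC time, path, body fetched from the live site).
OBSERVATIONS = [
    ("2025-01-01T10:00:00Z", "/static/app.js", GOOD_JS),
    ("2025-01-01T10:05:00Z", "/static/app.js", BAD_JS),
    ("2025-01-01T10:10:00Z", "/static/app.js", BAD_JS),
    ("2025-01-01T10:15:00Z", "/static/app.js", GOOD_JS),
]

def deviation_windows(manifest, observations):
    """Return one record per interval in which a served asset did not match the manifest.

    A record stays in the result after the asset is restored, so cleaning up the
    bucket later does not erase the evidence that altered content was served.
    Assets missing from the manifest are treated as deviations as well.
    """
    open_windows = {}  # path -> window that has not been closed yet
    windows = []
    for when, path, body in sorted(observations, key=lambda o: o[0]):
        served = sri(body)
        w = open_windows.get(path)
        if served == manifest.get(path):
            if w:  # content is back to the released version: close the window
                w["restored_at"] = when
                del open_windows[path]
            continue
        if w is None:
            w = {"path": path, "first_seen": when, "last_seen": when,
                 "served": served, "restored_at": None}
            open_windows[path] = w
            windows.append(w)
        w["last_seen"] = when
    return windows

if __name__ == "__main__":
    for w in deviation_windows(MANIFEST, OBSERVATIONS):
        print(w)
```
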

Spotlight on Industry Custody Practices

While the industry showed remarkable collaboration in the wake of the event, sharing information, tracking and blocking stolen funds, recovering and freezing some assets, and issuing bridge loans covering all the stolen ETH, two industry custody practices were front and center of the conversation—multisig and cold storage.

Multisig custody arrangements, which require two or more signatures to move funds, while an improvement in theory, offered little protection in the case of Bybit. The idea behind multisig is simply that it requires the sign off from multiple entities, eliminating a single point of failure. The issue in the Bybit case was that despite the fact there were multiple signers, they still all signed a malicious transaction. How they did that still isn’t entirely clear. They could’ve signed a transaction without verifying its details or been fed false transaction details entirely.

Cold storage for custody purposes refers to the method of keeping the private keys controlling cryptocurrencies offline, reducing the risk of theft or loss. There are several ways to keep private keys offline, such as a hardware wallet, paper wallet, or specialized computer called a hardware security module (HSM). In the case of Bybit, management referred to the custody arrangement for the stolen ETH as “cold storage” as the private keys were held on Ledger hardware wallets.

While the private keys may have been technically in “cold storage,” almost nothing was “cold” about the rest of their transaction signing processes. Cloud storage, a web hosted signature and resource management system, a series of smart contracts on the Ethereum blockchain—none of these are cold. To call this setup “cold storage” gives a false sense of security to users and is disingenuous to industry participants that employ more robust cold storage techniques.

Insecure Crypto, Insecure World

While the hack must be devastating for Bybit and its customers, it reflects poorly on the broader crypto industry. It’s no secret that proceeds generated from Lazarus’s hacking exploits go to fund North Korea’s nuclear and ballistic missile programs. Today, those proceeds total $6.2B since 2016 according to analysis compiled by Chainalysis. This should serve as a wake-up call for the industry—weak security practices in crypto aren’t just an industry issue; they have real-world consequences, making the world less safe.

Markets On Edge as Bitcoin Falls

Bitcoin’s price continues to struggle, falling to $78.2K early Friday morning. Bitcoin was down 15.4% on the week and 18.0% through Thursday for February. While no one fundamental event seems to be at fault for bitcoin’s decline, a lack of near-term catalyst coupled with the Bybit hack and memecoin mayhem seem to have rankled industry confidence. In addition, traditional financial markets are struggling against the backdrop of geopolitical drama and the impact of Trump’s economic policies, like tariffs. The Nasdaq Composite was down 7.1% and S&P 500 down 5.1% on the week, while long term US Treasuries were up 3.2%. Gold, which had been having an outstanding start to the year, also reversed course, down 1.5%.

Funding Rates Show Neutral Trader Positioning

Funding rates on perpetual swaps are subdued right now, with an open interest weighted average of 0.003% per 8h or 0.3% on an annualized basis. Based on this metric, it seems as if traders are equally bullish and bearish. Open interest on futures is down nearly 15% since the December highs, which may be another sign of indecisiveness of traders.

Liquidations Ramp

Bitcoin futures liquidations offshore piled up as bitcoin broke down, totaling $1.6B since Sunday. Long liquidations spiked to $440M as bitcoin fell through $90K, indicating that was an important price level for traders. Long liquidations across the digital asset industry total $3.2B over that same time frame, as many alts were hit harder than bitcoin.

ETFs Show Outflows for 2 Weeks Straight

Spot ETFs have shown consistent outflows over the past two weeks. Led by IBIT and FBTC, outflows have totaled $3.3B over that time. Given the propensity of hedge funds to trade in IBIT and FBTC over other ETFs, our guess is much of the flows have been driven by hedge funds taking off the basis trade as the annualized basis has come in from mid-teens percentages to mid to high single digits since December. Hedge fund shorts of CME futures peaked on December 17th and have declined 11% or by about $1.4B on a notional basis.

Stablecoin Supply Contracts as Tether Wobbles

The total stablecoins outstanding have declined, but only by $3B or 1.2% over the past 2 weeks. Some stresses in the market have appeared, however, as the price of Tether (USDT) declined when bitcoin corrected. The decline in the price of USDT was short-lived and it has come back up close to $1.00.

A Regular Pullback for Bitcoin

As of Thursday’s close, the price of bitcoin is down 20.8% from the Inauguration Day high (intraday high to low shows a 28.5% decline). While the retrenchment has been challenging, as the following chart shows, these fluctuations are a regular part of the asset’s price cycle. Bitcoin has undergone similar retracements multiple times in the past, often rebounding to new highs after periods of consolidation.

Comparisons with Past Cycles

The following chart compares bitcoin’s prior price cycles from trough to peak with the current. At 829 days into the current cycle, bitcoin is unsurprisingly lower than in the previous 3 cycles. The amplitudes of bitcoin’s cycle peaks are likely to decline over time as the asset becomes larger and more mature. This may indicate a more gradual and sustainable growth pattern compared with previous cycles, although bitcoin tends to experience exponential price growth in the later parts of the cycle, which leaves room for more price appreciation in the future.

Market Update

While we have already explored many of the market dynamics in the previous section, we point out that market technicians have noted that bitcoin has now made a “double top” formation and would need to complete the pattern before becoming more constructive. Some important price levels are $73.8K, the March 2024 high, and $70.6K, bitcoin’s price before the November election.

While the election was a big benefit for many altcoins largely due to the expectations of improved regulatory clarity, many have struggled to maintain their post-election gains. SOL and ETH are two notable examples of large cap assets that are lower than before the November 5th election.

While significant developments have already unfolded since the election, important potential catalysts for investors remain:

Political and Legislative

  • Policy recommendations from President’s Working Group on Digital Assets
  • Market structure and stablecoin legislation
  • Digital asset stockpile/bitcoin strategic reserve and a US sovereign wealth fund

Regulatory

  • SEC settling or dropping outstanding enforcement actions
  • SEC Crypto Task Force initiatives
  • More crypto ETFs and regulated futures
  • Increase in ETF options positions

Market

  • FTX creditors begin receiving $16B in claims next week
  • Tether on Lightning Network
  • Continued corporate adoption
  • Schwab working with Trump Media and Technology Group on BTC ETFs and SMAs
  • BNY Mellon and State Street digital asset custody

Important News This Week

Investing:

BlackRock Adds Its Bitcoin ETF to Model Portfolio for First Time - Bloomberg

Citadel Securities Plans to Trade Digital Coins on Exchanges - Bloomberg

All Sectors Have Underperformed BTC this Year - Delphi Digital on X

Regulation and Taxation:

Staff Statement on Meme Coins - SEC

Behind the Headlines: Debunking Misconceptions of Cryptocurrency and Crime - Wilson Center

Feds Recover $31 Million in Crypto From 2021’s Uranium Finance Exploit - Decrypt

The Chainalysis 2025 Crypto Crime Report - Chainalysis

CME Group to Launch Solana (SOL) Futures on March 17 - CME Group

Companies:

Ethena Raises $100 Million In Private ENA Token Sale to Build Out New Chain and Institutional Product - The Block

USDD’s TRON DAO Reserve shuts down its DAO - Protos

Bybit Hack:

Safe{Wallet} Statement on Targeted Attack on Bybit - Safe Wallet on X

Bybit Hack Reports - Bybit

Leveraging Transparency for Collaboration in the Wake of Record-Breaking Bybit Theft - Chainalysis

Real-Time Blocklist Data from the Bybit DPRK Exploit - Elliptic

Bybit Lazarus Bounty Website - Bybit

Upcoming Events

Mar 4 - FTX creditor payment deadline
Mar 12 - CPI release
Mar 19 - FOMC interest rate decision
Jul 2 - Final SEC deadline for decision on GDLC ETF conversion
Jul 22 - EO Working Group report deadline

This report has been prepared solely for informational purposes and does not represent investment advice or provide an opinion regarding the fairness of any transaction to any and all parties nor does it constitute an offer, solicitation or a recommendation to buy or sell any particular security or instrument or to adopt any investment strategy. Charts and graphs provided herein are for illustrative purposes only. This report does not represent valuation judgments with respect to any financial instrument, issuer, security or sector that may be described or referenced herein and does not represent a formal or official view of New York Digital Investment Group or its affiliates (collectively NYDIG). It should not be assumed that NYDIG will make investment recommendations in the future that are consistent with the views expressed herein, or use any or all of the techniques or methods of analysis described herein. NYDIG may have positions (long or short) or engage in securities transactions that are not consistent with the information and views expressed in this report. The information provided herein is valid only for the purpose stated herein and as of the date hereof (or such other date as may be indicated herein) and no undertaking has been made to update the information, which may be superseded by subsequent market events or for other reasons. The information in this report may contain forward-looking statements regarding future events, targets or expectations. NYDIG neither assumes any duty to nor undertakes to update any forward-looking statements. There is no assurance that any forward-looking events or targets will be achieved, and actual outcomes may be significantly different from those shown herein. The information in this report, including statements concerning financial market trends, is based on current market conditions, which will fluctuate and may be superseded by subsequent market events or for other reasons.
Information furnished by others, upon which all or portions of this report are based, are from sources believed to be reliable. However, NYDIG makes no representation as to the accuracy, adequacy or completeness of such information and has accepted the information without further verification. No warranty is given as to the accuracy, adequacy or completeness of such information. No responsibility is taken for changes in market conditions or laws or regulations and no obligation is assumed to revise this report to reflect changes, events or conditions that occur subsequent to the date hereof. Nothing contained herein constitutes investment, legal, tax or other advice nor is it to be relied on in making an investment or other decision. Legal advice can only be provided by legal counsel. NYDIG shall have no liability to any third party in respect of this report or any actions taken or decisions made as a consequence of the information set forth herein. By accessing this report, the recipient acknowledges its understanding and acceptance of the foregoing terms.
