🕑 8 min read
The exchange that survived the largest crypto theft in history – and kept growing
$1.5 billion. Gone. Stolen by North Korean state hackers on a Friday afternoon in February 2025, siphoned from a single Ethereum cold wallet while Bybit’s own team thought they were signing a routine transfer.
That should have been the end. It wasn’t.
Fourteen months later, Bybit ranks second globally by trading volume, holds a perfect 10/10 trust score on CoinGecko, and claims over 60 million registered users. This Bybit review digs into the fees, the security overhaul, the derivatives arsenal, and the uncomfortable questions you need answered before depositing a single dollar.
What you’ll learn
- Bybit charges 0.10% spot and 0.02%/0.055% derivatives fees – 12x cheaper than Coinbase’s 1.20% taker rate, making it one of the most cost-efficient exchanges for active traders.
- After losing $1.5 billion to North Korea’s Lazarus Group in February 2025 – the largest crypto theft ever – Bybit processed 350,000 withdrawal requests within 12 hours and fully covered losses without touching user funds.
- The exchange offers 550+ derivatives pairs with up to 125x leverage across 160+ countries, but remains completely blocked in the US, UK, Canada, and Singapore.
Bybit fees undercut Coinbase by 12x – with a catch
The fee structure is straightforward. Spot trading starts at 0.10% for both maker and taker. That’s identical to Binance and ten times lower than Coinbase’s 1.20% taker rate.
Derivatives get cheaper. Makers pay just 0.02%, takers 0.055%. For a $10,000 trade, that’s $2 maker or $5.50 taker – compared to $10 on Binance’s base tier.
Options traders pay even less: 0.02% maker, 0.03% taker.
| Spot Maker | Spot Taker | Deriv. Maker | Deriv. Taker | |
|---|---|---|---|---|
| Bybit | 0.10% | 0.10% | 0.02% | 0.055% |
| Binance | 0.10% | 0.10% | 0.02% | 0.05% |
| Coinbase | 0.60% | 1.20% | N/A | N/A |
| Kraken | 0.16% | 0.26% | 0.02% | 0.05% |
VIP tiers slash these further. Supreme VIP drops perpetual maker fees to 0.00% – literally free. But qualifying requires enormous volume, and most retail traders won’t sniff those tiers.
The catch? No native exchange token. Binance offers 25% fee discounts for paying in BNB. OKX does the same with OKB. Bybit doesn’t have that lever, which means the headline rates are the real rates. Whether that’s a pro or a con depends on how you feel about holding exchange tokens during a bear market. Ask anyone who held FTT.
The $1.5B hack that should have ended Bybit
Picture this: 350,000 withdrawal requests flooding in over 10 hours. Your CEO going live on camera within 30 minutes of discovering that North Korean hackers just drained your largest Ethereum cold wallet. The crypto equivalent of a bank run, except every transaction is public and the world is watching in real time.
That was Bybit on February 21, 2025.
The attack was sophisticated – and it didn’t start at Bybit. A developer at Safe{Wallet}, the multi-signature platform Bybit used for cold storage, fell for a social engineering attack weeks earlier. The hackers compromised his workstation, stole AWS session tokens, bypassed MFA, and injected malicious JavaScript into the Safe{Wallet} interface. When Bybit’s team initiated a routine ETH transfer, the UI showed one destination. The code sent 401,000 ETH to wallets controlled by North Korea’s Lazarus Group.
“Bybit is solvent even if this hack loss is not recovered. All of clients’ assets are 1 to 1 backed. We can cover the loss,” said Ben Zhou, Bybit’s CEO, during the live stream.
He wasn’t bluffing. Within 12 hours, Bybit had processed 99% of withdrawal requests. The exchange secured bridge loans, tapped its own reserves, and covered the entire $1.5 billion shortfall without any user losing a cent. The FBI formally attributed the attack to North Korea’s “TraderTraitor” operation. Blockchain investigators traced 77% of the stolen funds through trackable transactions, though roughly 20% disappeared into mixers and OTC desks.
Most exchanges would have collapsed. Mt. Gox did. FTX did. Bybit grew.
So what changed? Bybit ditched Safe{Wallet}, migrated to hardware security modules, the tamper-resistant physical devices that store cryptographic keys offline. Multi-level transaction approval workflows replaced the old system. Third-party audits from Hacken now run monthly. As of April 2026, Bybit has published 32 consecutive proof-of-reserves reports, each independently verified, each showing reserve ratios above 100% across all tracked assets.
“Unless there’s a physical break-in, no one will be able to touch tokens,” said Zhou in a January 2026 Fortune interview. That’s a bold claim from someone who watched $1.5 billion vanish – but the post-hack infrastructure backs it up.
Does surviving one catastrophic breach guarantee future safety? Of course not. But the response – transparency within minutes, full reimbursement within hours, systemic overhaul within months – sets a standard that most competitors haven’t been tested against. Traders evaluating whether Bybit is safe in 2026 should weigh the breach itself against the recovery. We’ve reviewed the monthly PoR reports, and the receipts check out.
550+ derivatives pairs and 125x leverage – the trading arsenal
Bybit’s real edge isn’t the interface. It’s derivatives depth.
The platform lists over 550 USDT- and USDC-denominated perpetual contracts, coin-margined inverse perpetuals, quarterly futures, and an options market that most competitors either don’t offer or barely support. Maximum leverage reaches 125x on select USDC perpetuals – though BTCUSDT caps at 100x under the lowest risk tier. For context, Coinbase doesn’t offer leveraged derivatives at all, and Kraken caps futures at 50x.
But leverage is a loaded gun. And 125x on a volatile asset is the equivalent of playing Russian roulette with five chambers loaded. A 0.8% move against a 125x position wipes you out completely. Bybit’s insurance fund absorbs some liquidation overflow, but it doesn’t protect you from your own overconfidence.
Beyond raw trading, the feature stack runs deep. Copy trading connects you to 13,000+ experienced traders whose positions you can mirror automatically – Bybit’s version of managed accounts for people who don’t want to stare at charts at 3 AM. Bybit Earn offers flexible and fixed savings products, dual-asset structured products, and staking. The Launchpad hosts token offerings. P2P trading supports 60+ fiat currencies. There’s a Bybit Card for spending crypto. And trading bots – spot grid, futures grid, DCA, Martingale – for anyone who’s automated their strategy.
The newest addition, Aurora AI, suggests strategies based on market conditions. Whether an AI recommending trades on a crypto exchange is helpful or terrifying depends on your risk tolerance.
Can you actually use Bybit? Depends on your passport.
No BNB, no US access – the fine print
Bybit holds regulatory licenses in the UAE (both VARA in Dubai and SCA on the mainland), Austria under MiCA for EEA spot services, plus approvals in Kazakhstan, India, and Georgia. That’s a broader regulatory footprint than most derivatives-focused exchanges.
But the restricted list is long. US residents are completely blocked. So are users in the UK, Canada, Singapore, Hong Kong, France, mainland China, North Korea, Cuba, Iran, and several other jurisdictions. That’s roughly 16 countries, including the world’s two largest crypto markets by institutional capital.
For US traders looking for leverage: Coinbase vs Kraken vs Binance covers domestic alternatives. None match Bybit’s derivatives depth, but at least you won’t get your account frozen.
Full KYC is required for most features. You’ll upload ID documents, verify your address, and complete facial recognition. The process takes minutes, but privacy-focused traders won’t love it.
The no-token situation deserves attention. Binance’s BNB generates $2+ billion in annual revenue and gives holders fee discounts, Launchpad access, and governance-lite participation. OKX offers similar perks with OKB. Bybit has… nothing. No loyalty token, no fee-discount flywheel, no speculative upside tied to the platform’s growth. That’s either refreshingly honest – you’re a customer, not an investor in the exchange’s token economy – or a missed opportunity, depending on your perspective.
Bybit vs Binance vs Coinbase – a Bybit review scorecard
We’ve compiled the key differences that matter for most traders. What caught our attention: Bybit’s derivatives fees sit below Binance’s already-low rates in the maker tier, but Binance’s BNB discount effectively neutralizes that advantage for anyone willing to hold BNB.
| Bybit | Binance | Coinbase | |
|---|---|---|---|
| Trust Score | 10/10 | 10/10 | 10/10 |
| Spot Taker Fee | 0.10% | 0.10% | 1.20% |
| Derivatives Taker | 0.055% | 0.05% | N/A |
| Registered Users | 60M+ | 300M+ | 110M+ |
| Trading Pairs | 630+ | 1,400+ | 382+ |
| Max Leverage | 125x | 125x | N/A |
| US Access | No | No | Yes |
| Native Token | None | BNB | None |
| Proof of Reserves | Monthly (Hacken) | Monthly | N/A (NASDAQ) |
| Worst Incident | $1.5B hack (2025) | $4.3B DOJ fine (2023) | $161M breach (2025) |
Pros:
- Derivatives fees among the lowest in the industry
- Survived and fully covered the largest crypto hack in history
- Deep derivatives liquidity (third-largest by volume globally)
- Monthly independently verified proof of reserves
- Copy trading, trading bots, and Earn products built in
- 32 consecutive PoR reports, all above 100% collateralization
Cons:
- Blocked in the US, UK, Canada, Singapore, and 12+ other countries
- No native token means no fee discounts or loyalty perks
- Learning curve for leverage products is steep – and expensive when you’re wrong
- Full KYC required, no anonymous trading option
- Exchange didn’t detect the supply-chain attack until funds were gone
- Q1 2026 derivatives market share (13%) trails Binance (35%) and OKX (19%)
Who Bybit fits: Active derivatives traders outside restricted jurisdictions who prioritize low fees and deep liquidity over regulatory clarity. Experienced leverage traders. Copy trading beginners who want exposure without managing positions.
Who should look elsewhere: US-based traders (legally can’t access it). Anyone uncomfortable with an exchange that suffered a $1.5 billion breach 14 months ago. Spot-only investors who won’t benefit from derivatives-focused infrastructure. Beginners who might start with how to buy Bitcoin on a simpler, domestically regulated platform.
If Bybit continues publishing clean monthly audits while maintaining its post-hack security overhaul, the exchange’s risk profile improves with every passing quarter. If another breach surfaces – especially one originating from inside Bybit’s own infrastructure rather than a third-party vendor – the trust capital from surviving February 2025 evaporates overnight.
Considering a derivatives exchange? See our Binance review and Coinbase vs Kraken vs Binance comparison for the full picture.
The $1.5B hack proved Bybit can survive a worst-case scenario. Whether that survival translates into long-term trust – or just a delayed reckoning – depends on the next 12 months of audits, regulatory approvals, and zero headlines involving Lazarus Group.
This is not financial advice. DYOR. Data as of April 12, 2026.
Sources: CoinGecko Exchange Data, FBI IC3 Advisory PSA250226, Bybit Proof of Reserves (Hacken), Chainalysis Bybit Hack Analysis, NCC Group Technical Analysis, CryptoQuant Q1 2026 Exchange Volumes
Leave a Reply