Security and compliance are the two pillars on which user trust in crypto exchanges is built. While cryptocurrencies are becoming increasingly widespread, the industry is facing a number of ‘antagonists’, including illegal activities. According to Chainalysis, 2024 was likely a record year for funds sent to illegal addresses, reaching $41 billion. Although this amount is less than in previous years, analysts warn that these figures may only be a lower bound estimate.
The most high-profile recent incident was the hacking of the Bybit platform, which once again raised questions about the security of crypto exchanges. In this article, we will analyse the situation with Bybit, and highlight several exchanges that continue to be reliable.
A Brief Overview of the Situation: What Happened to Bybit?
On 21 February 2025, the Bybit crypto exchange suffered a large-scale hack. Crypto detective ZachXBT was one of the first to notice that more than $1.5 billion (~400,000 ETH) had been withdrawn from the exchange to an unknown address. The attackers managed to manipulate the wallet signatures by forging a transaction that changed the logic of the smart contract of the cold wallet, which held a significant amount of Ethereum. The exploit was cleverly disguised: the exchange’s system saw the correct and trusted address, while the hackers gained full control over the assets and the ability to transfer funds to unknown wallets.
Analysts quickly identified the Lazarus hacker group, which has been linked to North Korea, as the attacker. It is worth noting that this is not their first high-profile hack in the crypto industry,
Despite the scale of the attack, Bybit assured users that its other cold wallets remained safe and that withdrawals were working as usual. The exchange was able to quickly track the movement of the stolen assets and recover about $50 million. To compensate for the losses, the company used its own reserves, deposits, loans, and direct purchases, which helped avoid financial losses for customers. At the same time, reputational risks for the platform remain significant, and user confidence may suffer in the future.
According to 21shares, the incident was the largest hack not only in the crypto industry, but also in the history of the Internet.
Crypto Exchange Compliance: How Platforms Respond to Threats
A quick response from the exchange is a key factor in minimising costs. In the case of Bybit, they were able to recover some of the funds thanks to:
- Close cooperation with other centralised exchanges and stablecoin issuers, who promptly froze suspicious assets;
- Real-time transaction tracking, which helped to block funds before they were fully laundered.
Many crypto exchanges that are actively resisting hacker attacks are implementing strict compliance measures to prevent financial crime. These include monitoring transactions, freezing the accounts of suspicious users, and cooperating with law enforcement agencies.
Kraken
Kraken is known for its strict security policy. For example, after FTX filed for bankruptcy on 11 November, the exchange cooperated with law enforcement agencies and then froze all accounts related to FTX Group, Alameda Research, and their executives. At the same time, Kraken reported that it had received information about a possible hacker attack on FTX, which also involved one of the cryptocurrency exchange’s accounts.
In particular, Kraken’s head of security, Nick Percoco, noted that the exchange knew the identity of the account holder, and later updated the information about the use of funds from the account to complete the transaction.
Later, on 13 November, Kraken tweeted that the freeze was intended to ‘protect creditors’ and did not affect anyone else’s funds, which helped reassure users about possible liquidity issues. Accordingly, the accounts were frozen due to suspicions that some of the funds were linked to fraud, negligence or misconduct related to FTX.
The company actively monitored the events related to FTX and was in constant contact with law enforcement authorities.
Binance
As for Binance, it became an important partner in the investigation of the incident at the Turkish cryptocurrency exchange BtcTurk. In June 2024, BtcTurk suffered a cyberattack on cryptocurrency stored in ten hot wallets. As ZachXBT later noted, the attack was linked to suspicious transactions with Avalanche tokens. The funds were transferred to Binance and Coinbase using THORChain and then withdrawn in Bitcoin to two separate wallets. These actions occurred simultaneously with BtcTurk’s notification of the incident, which confirmed the link between the attack and the suspicious transactions.
However, Binance immediately froze more than $5.3 million, demonstrating its speed of response to attacks and ability to intervene in the investigation process.
In addition, it is worth mentioning that in January 2019, Binance froze all funds related to the Cryptopia hack. The hacked exchange lost about $3.6 million in cryptocurrency, and Binance made efforts to freeze several series of deposits, including Metal (MTL) and Kyber Network (KNC). Also, in October 2018, Binance froze all funds related to money laundering on WEX.
WhiteBIT
Crypto exchange WhiteBIT has become a key player in the investigation of several serious incidents involving the theft of crypto assets. In particular, their efforts helped protect about $4.8 million in funds.
One of the most significant cases concerns the hacker attack in January 2024 on the personal accounts of Chris Larsen, co-founder of Ripple, where about $112 million was stolen. Larsen confirmed that his personal XRP accounts had been accessed without authorisation, but thanks to the quick actions of WhiteBIT, which reported the suspicious activity, the respective addresses were frozen.
Thomas Silkjær, Head of Analytics and Compliance at the XRP Ledger Foundation, further clarified the situation, noting that the investigation was launched due to the effectiveness of WhiteBIT’s AML department.
In addition, WhiteBIT has demonstrated a rapid response in other cases. For example, in response to the CoinsPaid crime, the exchange froze significant amounts of cryptocurrency, which helped reduce the losses of affected users. During the TAO Holder case, which was also identified by ZachXBT, the exchange blocked a large amount of USDC and actively supported law enforcement efforts in the recovery process.
An equally important case was the $16 million hack of the Rain.com cryptocurrency exchange organised by the North Korean hacker group Lazarus. The FBI was able to trace the stolen SOL worth $760,000 to the WhiteBIT exchange. In September, the exchange successfully returned the funds to the FBI based on a court order, thereby confirming its commitment to user security and cooperation with law enforcement agencies.
Coinbase
Coinbase, as another leading player in the industry, managed to protect the funds of a pensioner from Asheville, North Carolina, who fell victim to a fraudulent scheme. In particular, in August 2024, the criminals posed as representatives of the Office of the Inspector General and told the man that his personal information had been used to finance the trade in illegal substances and money laundering. They managed to convince the pensioner to transfer all his funds to a special ‘government’ account to prevent the confiscation of his assets. As a result, the fraudsters gained access to his computer, created a fake Gmail account and made a series of bank transfers to the account of the cryptocurrency exchange Coinbase.
Although the banks did not react to the suspicious transactions, the cryptocurrency exchange itself suspected possible fraud a few days after the Bitcoin was transferred to the anonymous account. Coinbase immediately froze the account and contacted law enforcement, which helped save the man from losing almost $500,000.
Joseph Ciccolo, founder of bitcoin and cryptocurrency compliance advisory firm BitAML, commented: ‘In the crypto compliance world we sometimes feel like we’re held up to a much higher standard than traditional banking institutions.’
However, it is precisely this focus on suspicious transactions that helps us to detect and block fraudulent transactions in a timely manner.
Tips for Users
Although cryptocurrency exchanges do their best to protect users’ funds, users also need to keep security measures in mind.
- Use two-factor authentication (2FA), an additional layer of protection that makes it harder for unauthorised persons to access your account;
- Update your passwords regularly — use strong and unique passwords for each platform and remember to change them periodically;
- Be alert to phishing attacks — do not click on suspicious links or provide personal information on unverified sites;
- Use cold wallets to store large amounts — to minimise the risk, keep the bulk of your funds in wallets that are not connected to the Internet.
The credibility of cryptocurrency exchanges depends not only on their technological security, but also on their readiness to act in emergency situations. Therefore, it is important that users choose platforms that are constantly improving their compliance and security systems, as their protection is your financial security.
Originally published at https://coinmarketcap.com on February 28, 2025.