In the spring of 2024, a breach at the cryptocurrency exchange Bybit made headlines—not because it was particularly advanced, but because it could have been avoided. The attackers exploited a software vulnerability that had been flagged months earlier but never fixed. Once they had a way in, they quietly drained funds before anyone noticed. By the time the breach was discovered, millions of dollars had been siphoned off. Bybit publicly acknowledged the incident on February 15, 2024, in a post on X: “We have identified a vulnerability and are working tirelessly to secure our systems and mitigate any impact.” (Source)
A similar story had played out at Phemex just weeks earlier, though the entry point was different. Instead of exploiting a software bug, the attackers relied on social engineering. They managed to get hold of admin credentials—simply by tricking employees—and used them to gain further access. With those credentials, they could move freely within the system, escalating their permissions until they were in a position to transfer funds out.
What’s striking is that neither breach relied on particularly sophisticated methods. At Bybit, it was a known issue that hadn’t been addressed, a basic API vulnerability that could have been patched long before the attack took place. At Phemex, it was a matter of controls around credentials being too loose—an absence of strong authentication measures and clear policies. In both cases, the attackers didn’t have to create new techniques; they just took advantage of what was already there.
If Bybit had patched the vulnerability, the attackers wouldn’t have had an opening. If Phemex had enforced stricter controls on how admin accounts were handled, the attackers wouldn’t have been able to use them so easily. These weren’t esoteric problems. They were simple, preventable issues that, if addressed in time, would have kept both companies out of the news.
These breaches serve as a reminder that the foundations of good security—keeping software up to date, implementing clear account policies, and making sure these measures are actually enforced—are what make the difference. When these basics aren’t taken care of, even routine problems can escalate into major incidents. For businesses, the message is clear: start with the fundamentals. They’re not just best practices—they’re essential.
References:
1. Rekt News, “Phemex Breach Analysis: A Case Study in Credential Exploitation,” February 2025, https://rekt.news/phemex-rekt/
2. The Hacker News, “Bybit Confirms Record-Breaking $146 Million Crypto Heist,” February 2025, https://thehackernews.com/2025/02/bybit-confirms-record-breaking-146.html
3. X, Bybit Official, February 15, 2024, https://x.com/Bybit_Official/status/1892965292931702929