Incident Overview

On Friday, February 21, Bybit, a prominent centralized cryptocurrency exchange, experienced a significant security breach that resulted in the loss of approximately $1.4 billion in Ethereum. While full details are still emerging, initial investigations suggest that the threat actors exploited Bybit’s multisignature cold wallet infrastructure and manipulated the signing interface to approve unauthorized transactions. This attack method aligns with a broader trend in sophisticated social engineering and smart contract manipulation.

This breach marks one of the largest crypto-related security incidents in history, even as Bybit continues work to contain the impact and assess vulnerabilities. It underscores how digital asset custody remains a major concern to the continued growth of crypto markets, particularly for institutional investors, and serves as yet another reminder of the persistent risks that crypto exchanges, Decentralized Finance (DeFi) protocols, and digital asset firms face from highly capable threat actors.

Sector Outlook

The Bybit breach is the latest in a series of high-profile crypto security incidents that have escalated since 2021, with notable precedents such as:

  • Ronin Bridge (2022): Approximately $625 million stolen
  • Wormhole (2022): Approximately $325 million stolen
  • Nomad Bridge (2022): Approximately $190 million stolen [1]

While cyberattacks have historically spiked alongside Bitcoin price increases, a broader view of the contributing factors may give a better understanding of the increased risk. “Crypto bull markets,” or times of heightened trading activity, among others, often present new opportunities for threat actors, whether through market speculation, increased user engagement, or a surge in high-value transactions. Additionally, vulnerabilities in algorithmic stablecoins (e.g., TerraUSD) with unstable reserve mechanisms and highly leveraged positions on untested technology may create further openings for malicious actors.

According to recent reporting from Chainalysis, 2024 saw a 21.07% year-over-year increase in stolen crypto assets, totaling $2.2 billion, with individual hacking incidents rising from 282 in 2023 to 303 in 2024 [2]. The Chainalysis report also indicates that hacking activity showed a noticeable slowdown after mid-year, possibly tied to shifting geopolitical factors. However, decentralized finance and bridging platforms remain attractive targets. Given the likely continued volatility in the crypto sector, we anticipate further breaches over the next 12 to 18 months.

How Aon Can Help

Organizations that operate in this industry should have a holistic risk strategy to build the strongest defense against rapidly evolving threats. Aon Cyber Solutions offers a comprehensive suite of services to help organizations in the Web3 and digital asset space strengthen their security posture and mitigate risks before they result in financial losses.

Our advisory services include risk assessments to better identify security gaps, security governance and compliance reviews, incident response planning, smart contract security assessments, adversary simulations, dark web intelligence, and DevSecOps assessments to home in on the development lifecycle.

It is equally important to have the necessary insurance in place to address exposures to technology and assets for which companies are responsible. Insurance policies, such as Cyber, Technology Errors & Omissions, Hot and Cold Wallet Crime and Cold Storage Specie, can provide meaningful support to organizations, their executives, and their customers. In addition to paying claims when they arise, these policies can help organizations improve their risk controls when going through the underwriting process and help enhance trust with partners, counterparties and regulators, which makes it easier to do business. The terms and conditions of these policies may vary drastically, especially as insurers remain cautious, but Aon has been driving the market to support the evolution of these products.

For organizations that want to enhance their ability to detect and respond to threats, our team is available to provide tailored cybersecurity solutions that align with the evolving risk landscape in the digital asset sector. Additionally, our experienced brokerage teams can help businesses navigate uncertainty and ensure insurance programs and risk management strategies are tailored to meet specific business objectives and financial considerations to support healthy growth and longevity.



1: Cross-Chain Bridge Hacks Emerge as Top Security Risk
2: The 2025 Crypto Crime Report

About Aon

Aon (NYSE: AON) exists to shape decisions for the better — to protect and enrich the lives of people around the world. Through actionable analytic insight, globally integrated Risk Capital and Human Capital expertise, and locally relevant solutions, our colleagues provide clients in over 120 countries with the clarity and confidence to make better risk and people decisions that help protect and grow their businesses.


©2025 Aon plc. All rights reserved.
