
STM, one of Türkiye’s leading organizations in the field of cybersecurity, has revealed the cybersecurity landscape for the first quarter of 2025 (January-February-March) with its newly published Cyber Threat Status Report. The report, prepared by STM’s technological think tank ThinkTech, analyzes current threats, vulnerabilities and notable events in the cyber world in detail. Covering seven different topics, it highlights subjects such as the “Bybit Hack Incident”, the biggest theft in history, which deeply shook the cryptocurrency world; the critical role of the human factor in cybersecurity; and the countries from which the most cyberattacks have recently originated.
The Black Spot of the Crypto World: The Bybit Hack Case
In February 2025, crypto markets were rocked by news of a massive cyberattack on Bybit, a leading Dubai-based exchange. This incident resulted in the theft of approximately 400,000 Ethereum tokens (worth around $1.5 billion at the time), making it the largest crypto theft in history. The STM report, which examines the case in detail, states that on February 21, 2025, a critical vulnerability was exploited during a routine transaction on the Bybit platform: a transfer from a cold wallet (offline storage) to a hot wallet (online storage). The attackers skillfully manipulated this transfer process and managed to redirect huge amounts of funds to addresses under their control.
Traces of Lazarus: North Korea's Billion Dollar Crypto Operation
Following the attack, an FBI investigation revealed that the notorious North Korean-backed hacker group Lazarus was behind the incident. The stolen Ethereum tokens were converted into Bitcoin and other digital assets through a complex series of transactions to conceal the source of the funds. These converted assets were then distributed across thousands of different blockchain addresses to cover the attackers' tracks. The Lazarus group has made a name for itself in previous years with high-profile cyberattacks such as the Sony Pictures attack and attacks on various banks via the SWIFT system. According to data from blockchain intelligence firm TRM Labs, hackers with ties to North Korea have stolen over $5 billion in cryptocurrency since 2017. The Bybit case is one of the biggest links in this dark chain.
Security Advice from Experts: Multi-Signature and Regular Auditing Are a Must
The STM report also draws attention to the precautions that need to be taken to prevent large-scale attacks like the Bybit hack from happening again. According to the report, cybersecurity experts emphasize that it is vital for cryptocurrency exchanges and users to expand the use of wallets that require multiple signatures, conduct regular and comprehensive security audits, and provide training to increase users' cybersecurity awareness. At the same time, it is recommended that cryptocurrency exchanges develop new protocols that will make cold wallet use more secure and maximize the security level of their existing systems. It is stated that such precautions will play a critical role in preventing similar large losses in the future.
The Weakest Link in Cyber Security: The Human Factor
Another important topic in the STM report is the human factor, which is considered the weakest link in the cybersecurity chain. The report notes that cyber attackers actively exploit careless or erroneous user behavior to bypass security mechanisms. Emphasizing that a large portion of cyber threats are caused by human error, STM experts list the basic precautions needed to address this weakness as follows:
- Strong and Unique Passwords: Users should use strong passwords that are hard to guess, consisting of combinations of letters, numbers and symbols, and change these passwords regularly. The use of the same password on different platforms should be avoided.
- Multi-Factor Authentication (MFA): Instead of relying solely on passwords to access accounts, activating additional security layers (MFA) such as SMS codes, biometric verification or applications that generate one-time passwords significantly reduces the risk of unauthorized access.
- Training Against Phishing Attacks: Regular training should be provided to employees and users so that they avoid clicking on suspicious links received via email, SMS or social media, do not share personal information, and are careful about requests from people they do not know. Awareness should be raised about the different methods of phishing attacks and how to detect them.
- USB and Portable Media Control: Uncontrolled use of USB sticks and other portable media devices can lead to the spread of malware and data theft. Therefore, it is important to limit the use of such devices and not to insert them into the system without scanning.
- Attack Simulations: Organizations and agencies should regularly conduct controlled attack simulations to gauge how resilient their employees are to phishing and other social engineering attacks. These simulations help identify vulnerabilities and improve the effectiveness of training.
Source of Cyber Attacks: USA and Netherlands in the Forefront
Data collected by STM's own honeypot sensors (trap servers) also revealed which countries were the source of the most cyber attacks worldwide in the first three months of 2025. During January-February-March 2025, the largest share of cyber attack traffic, 26%, was detected to originate from the United States (US). The Netherlands came in second with 15%. These two countries were followed by India, China, Taiwan, France, Japan, the United Kingdom, the United Arab Emirates (UAE) and Kenya, respectively. While this data gives an important indication of the geographical distribution of cyber threats, it also shows that institutions and individuals should be careful about cyber risks at the international level. This detailed report by STM is shared with the public in order to increase awareness in the field of cybersecurity and contribute to preparedness for possible threats.