23 June 2025

Q2 Operational Risk & Insurability Bulletin

Tom Falcon, Technical Director of Gallagher Specialty's Financial Institutions team, gives his commentary on the insurability of recently reported large operational risk events. Each month, Risk.net issues details of the top five events, and we consider the extent to which insurance coverage is available.


Bybit loses USD 1.42 billion in alleged North Korean cyber attack


LOSS AMOUNT

USD 1.42 bn

BUSINESS LINE

Retail Brokerage

EVENT TYPE

External Fraud

RELEVANT POLICIES

Crime Insurance

Crypto exchange Bybit has suffered a theft said to be the largest in history.

The hack was initially reported on February 21, 2025, with a loss to Bybit of approximately USD 1.46 billion in crypto assets. On February 23, the exchange announced it had recovered USD 42.9 million, bringing its total loss to USD 1.42 billion. The attackers compromised the devices of the exchange's multi-signature signers and targeted a routine transfer from a cold wallet to a warm wallet. The signing interface was manipulated so that the signers approved something other than the transfer they believed they were authorising: a transaction that altered the wallet's underlying smart contract logic. The lesson for any multi-signature treasury is that the display the signers rely on is itself part of the attack surface, so what is actually being signed needs to be verified independently of the front end. Crime insurance for crypto exchanges and other crypto providers is offered by several insurers in the main insurance markets. Coverage applies to thefts occurring in both cold storage and hot storage environments. Very large limits can be purchased, although we are unaware of an insured taking out limits of the size of this loss.
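The following is an added illustration of the independent pre-signing check just described; it is not code from Bybit, from any wallet vendor, or from the original bulletin. The field names, the warm-wallet allowlist and both transactions are constructed, and sha256 over a canonical encoding stands in for the wallet's real transaction-hash scheme. The point it makes is that a signer should recompute the digest from the raw payload with a tool they control, compare it with what the web interface displayed, and refuse operations that a plain treasury transfer never needs.

```python
"""Independent pre-signing check for a multi-signature wallet transaction.

Added example for this bulletin, not code from Bybit or any wallet vendor.
Field names, allowlist and both transactions are constructed; sha256 over a
canonical encoding is a stand-in for the wallet's real hashing scheme.
"""
import hashlib
import json

CALL, DELEGATECALL = 0, 1

# Constructed allowlist of destinations a cold-to-warm transfer may target.
WARM_WALLETS = {"0xwarm000000000000000000000000000000000001"}


def canonical_digest(tx: dict) -> str:
    """Deterministic digest of the raw transaction fields (stand-in for EIP-712)."""
    encoded = json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(encoded).hexdigest()


def policy_findings(tx: dict, allowlist=WARM_WALLETS) -> list:
    """Rules a plain value transfer must satisfy before any signer approves it."""
    findings = []
    if tx["operation"] == DELEGATECALL:
        # A delegatecall executes foreign code against the wallet's own storage,
        # so it can replace the wallet's logic rather than move funds.
        findings.append("operation is DELEGATECALL: can rewrite the wallet's own logic")
    elif tx["operation"] != CALL:
        findings.append(f"unknown operation {tx['operation']}")
    if tx["data"] not in ("", "0x"):
        findings.append("calldata present on what should be a plain value transfer")
    if tx["to"].lower() not in {a.lower() for a in allowlist}:
        findings.append(f"recipient {tx['to']} is not an approved warm wallet")
    return findings


def verify_before_signing(displayed: dict, raw_payload: dict) -> dict:
    """Compare what the UI showed with what the signer app is about to sign."""
    shown = canonical_digest(displayed)
    actual = canonical_digest(raw_payload)
    findings = policy_findings(raw_payload)
    if shown != actual:
        findings.insert(0, "digest mismatch: UI display and raw payload differ")
    return {"ok": not findings, "shown": shown, "actual": actual, "findings": findings}


# Constructed: the routine transfer the signers believed they were approving...
DISPLAYED = {"to": "0xwarm000000000000000000000000000000000001", "value": 10**18,
             "data": "0x", "operation": CALL, "nonce": 42}
# ...and a constructed payload carrying the same nonce but a delegatecall to an
# unknown contract, which is what a manipulated front end could hand the signer.
TAMPERED = {"to": "0xbad0000000000000000000000000000000000002", "value": 0,
            "data": "0xdeadbeef", "operation": DELEGATECALL, "nonce": 42}

if __name__ == "__main__":
    print(json.dumps(verify_before_signing(DISPLAYED, DISPLAYED), indent=2))
    print(json.dumps(verify_before_signing(DISPLAYED, TAMPERED), indent=2))
```

The digest comparison catches the case where the interface and the payload diverge; the policy rules catch the case where the interface is honest but the transaction itself is not something a cold-to-warm transfer should ever contain. Both checks have to run on a machine other than the one rendering the web interface for the separation to mean anything.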

Trafigura provisions USD 1.1 billion for fraud in Mongolia oil supply business


LOSS AMOUNT

USD 1.1 bn

BUSINESS LINE

Trading and Sales

EVENT TYPE

Internal Fraud

RELEVANT POLICIES

Crime Insurance

Trafigura discovered it had been defrauded over the course of five years by 10 employees in its Mongolian oil-supply business.

The rogue employees manipulated data and documents to inflate extended credit and conceal debts. Local regulations restrict Trafigura to supplying fuel within the country; it then relies on local distributors to sell the products on. A large part of the total loss comprises a debt owed by its principal counterparty in Mongolia. Crime insurance provides broad coverage for the loss of funds due to dishonest, fraudulent or malicious acts by employees. As in this case, internal fraud can go undetected for many years. Crime insurance operates on a 'losses discovered' basis, meaning that the policy in force at the time the losses are first discovered responds, regardless of when the dishonest or fraudulent acts were committed. A twelve-month policy will therefore respond to losses discovered at any time during the policy period in respect of acts committed by employees at any point in the past, provided the policy does not have a retroactive date.

Aspiration Partners fund defrauded of USD 145 million by co-founder


LOSS AMOUNT

USD 145m

BUSINESS LINE

Asset management

EVENT TYPE

Internal fraud

RELEVANT POLICIES

Crime Insurance / Professional Indemnity Insurance

Aspiration Partners co-founder and largest shareholder, Joseph Sanberg, was found to have defrauded two investor funds in collusion with Aspiration board member Ibrahim AlHusseini.

In January 2020, Sanberg arranged a $55 million loan from an investor fund, using Aspiration's stock as collateral, and securing the loan with an agreement that AlHusseini would buy the stock if Sanberg defaulted. But AlHusseini did not have sufficient assets to cover this event, and to hide this from investors, Sanberg and AlHusseini forged brokerage and bank account statements that falsely inflated AlHusseini's assets by up to $200 million. Sanberg refinanced the loan for $145 million in November 2021, but ultimately defaulted, and was arrested for conspiring to defraud investors. AlHusseini, meanwhile, pleaded guilty to wire fraud. Investigations into the pair were pending as of March 2025. Crime insurance provides broad coverage for the loss of funds due to dishonest, fraudulent or malicious acts by employees. However, coverage can be challenging where directors are involved, as most policies will exclude the acts of directors unless they are acting in an employee capacity. Beyond that, Professional Indemnity insurance can respond to claims in respect of dishonest or fraudulent acts by employees committed in the provision of professional services. However, as with Crime insurance, coverage can be challenging where directors are involved, because the acts of the most senior individuals within an insured company are often imputed to it for the purposes of the dishonesty exclusion.

JP Morgan to pay USD 100 million for making misleading disclosures to private funds investors


LOSS AMOUNT

USD 100m

BUSINESS LINE

Retail Brokerage

EVENT TYPE

Clients, products and business practice

RELEVANT POLICIES

Professional Indemnity Insurance

The payment is in respect of JP Morgan Securities making misleading disclosures and issuing inadequate election forms to investors in its Conduit private investment funds.

JP Morgan self-reported the issue to the US Securities and Exchange Commission after receiving investor complaints and said $90 million of the settlement would be distributed to Conduit investors. If the payments to investors are compensatory in nature, then a professional indemnity policy may well respond. However, payments involving regulators, in this case the SEC, can pose challenges. The main stumbling blocks are likely to be the extent of coverage for regulatory actions (some policies exclude claims by regulators) and whether the applicable payments could be construed to be fines (which are often excluded). Beyond that, this case involved self-reporting - a well drafted professional indemnity policy can include coverage for the legal costs incurred in that process under investigation costs coverage or as a standalone extension.

Westpac to pay AUD 130 million over flexible commission on car loans


LOSS AMOUNT

USD 82m

BUSINESS LINE

Retail Banking

EVENT TYPE

Clients, products and business practice

RELEVANT POLICIES

Professional Indemnity Insurance

Westpac has settled a class-action lawsuit alleging it had encouraged car dealerships to charge excessive interest rates on car loans. Westpac set a base rate of interest for car loans, but allowed dealers to make money by setting higher rates at their discretion in a system known as ‘flex commissions’.

The class action alleged Westpac had allowed improper flex commissions on loans arranged between March 1, 2013, and October 31, 2018, and claimed that, in some cases, its dealers had charged interest at more than three times the base rate. In November 2018, the Australian Securities and Investments Commission (ASIC) banned flex commissions over concerns that borrowers were paying excessive car loan rates and that commissions were not fair or transparent. Professional indemnity insurance does not cover payments of wrongly charged fees or interest, as almost all policies will have an exclusion in that respect (often described as a Fees Exclusion or a Disgorgement Exclusion). Beyond that, a well drafted policy should provide coverage for costs incurred in responding to non-routine regulatory investigations into the provision of professional services.

Aeon suffers JPY 9.9 billion loss from credit card small-sum payment fraud


LOSS AMOUNT

USD 66.9m

BUSINESS LINE

Retail Banking

EVENT TYPE

External Fraud

RELEVANT POLICIES

Plastic Card Insurance/

Crime Insurance

Fraudsters stole Aeon Card users’ credit card details using phishing websites and registered the cards on Apple Pay.

Once alerted, Aeon sought to remotely disable payments from the cards provisioned on the fraudsters' smartphones. But the criminals took advantage of a function that allows a phone to approve payments below a set threshold even when offline or in 'airplane mode', so the issuer's block could not reach the device and Aeon's countermeasures were delayed. Criminals made a large number of small-sum transactions using this method, causing Aeon an estimated ¥9.9 billion loss in compensation to affected customers. For an issuer, the detection signal is the pattern itself: many sub-threshold transactions on a single token in a short window, continuing after the token was meant to have been blocked. Plastic Card Insurance specifically responds to the fraudulent use of plastic card details and covers card issuers for losses arising therefrom. It is not widely purchased; however, it is available in most of the main insurance markets. In addition, Crime insurance may respond to card losses via computer crime cover. However, such coverage is less specific than Plastic Card insurance.
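The following is an added illustration of detection logic for the pattern described above, written for this bulletin; it is not Aeon's fraud logic nor that of any card network. The log lines, the field layout, the offline floor limit, the velocity thresholds and the block timestamps are all constructed. It applies two rules to a token's transaction stream: any transaction accepted after the issuer blocked the token is a bypass of that block, and a burst of sub-floor offline transactions on one token is flagged on velocity alone, which would catch the pattern even before a block is in place.

```python
"""Detection of small-sum offline token payments that slip past an issuer block.

Added example for this bulletin, not Aeon's or any network's fraud logic.
Log lines, thresholds and block timestamps are constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

OFFLINE_FLOOR = 3000                  # assumed ceiling for offline approval (JPY)
VELOCITY_WINDOW = timedelta(minutes=10)
VELOCITY_LIMIT = 5                    # sub-floor offline transactions per token in the window

# Constructed authorisation records: token_id  timestamp  amount_jpy  mode
SAMPLE_LOG = """\
tok-A1 2025-04-01T10:00:00 2500 offline
tok-A1 2025-04-01T10:01:00 2900 offline
tok-A1 2025-04-01T10:02:00 2800 offline
tok-A1 2025-04-01T10:03:00 2700 offline
tok-A1 2025-04-01T10:04:00 2950 offline
tok-A1 2025-04-01T10:05:00 2600 offline
tok-B2 2025-04-01T11:00:00 12000 online
tok-B2 2025-04-01T12:30:00 1500 offline
tok-C3 2025-04-01T13:00:00 900 online
"""

# Constructed: when the issuer pushed a block for each token. Online
# authorisations after this point would be declined at the issuer; offline
# floor-limit approvals are the ones that can still get through.
BLOCKED_AT = {
    "tok-A1": datetime(2025, 4, 1, 9, 30),
    "tok-B2": datetime(2025, 4, 1, 12, 0),
}


def parse_log(text: str) -> list:
    """Parse the whitespace-separated constructed log into records."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        tok, ts, amt, mode = line.split()
        rows.append({"token": tok, "ts": datetime.fromisoformat(ts),
                     "amount": int(amt), "mode": mode})
    return rows


def detect(rows: list, blocked_at: dict = BLOCKED_AT) -> list:
    """Return one alert dict per rule hit, in time order."""
    alerts = []
    recent = defaultdict(list)            # token -> timestamps of recent sub-floor offline txns
    for r in sorted(rows, key=lambda r: r["ts"]):
        tok = r["token"]
        # Rule 1: anything accepted after the block is a bypass of the block.
        if tok in blocked_at and r["ts"] > blocked_at[tok]:
            alerts.append({"token": tok, "ts": r["ts"], "mode": r["mode"],
                           "rule": "post-block transaction"})
        # Rule 2: velocity of sub-floor offline transactions, fired once per burst.
        if r["mode"] == "offline" and r["amount"] < OFFLINE_FLOOR:
            kept = [t for t in recent[tok] if r["ts"] - t <= VELOCITY_WINDOW]
            kept.append(r["ts"])
            recent[tok] = kept
            if len(kept) == VELOCITY_LIMIT:
                alerts.append({"token": tok, "ts": r["ts"], "mode": r["mode"],
                               "rule": "sub-floor velocity"})
    return alerts


def summarize(alerts: list) -> dict:
    """Count alerts per token and rule, the shape an analyst queue would consume."""
    out = defaultdict(lambda: defaultdict(int))
    for a in alerts:
        out[a["token"]][a["rule"]] += 1
    return {tok: dict(rules) for tok, rules in out.items()}


if __name__ == "__main__":
    for tok, rules in summarize(detect(parse_log(SAMPLE_LOG))).items():
        print(tok, rules)
```

On the constructed data, tok-A1 trips both rules (six transactions after its block, and a velocity alert on the fifth sub-floor transaction), tok-B2 trips only the post-block rule on its single offline transaction, and tok-C3 is clean. The velocity rule is the one worth tuning against real traffic, since legitimate transit and vending use also produces bursts of small offline payments.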

Blue Cross Blue Shield of Michigan to pay USD 12.7 million to employee terminated after refusing Covid-19 vaccine


LOSS AMOUNT

USD 12.7m

BUSINESS LINE

Life Insurance

EVENT TYPE

Employee practices and workplace safety

RELEVANT POLICIES

Employment Practices Liability Insurance

Blue Cross Blue Shield (BCBS) was ordered to pay damages to a former Michigan employee.

The damages were awarded for religious discrimination on the grounds that BCBS dismissed the employee for refusing a Covid-19 vaccine. A Michigan jury ordered BCBS to pay punitive and compensatory damages to the employee. Employment Practices Liability Insurance (EPLI) provides coverage for a wide range of employment claims against employers, including claims alleging discrimination. Policies respond to legal costs incurred in defending claims and settlement and damages payments.

Top 10 operational risks for 2025

Risk.net’s recent survey of senior operational risk managers at financial institutions shows how they rank operational risks, as follows:

  1. Cyber risk: information security
  2. Cyber risk: IT disruption
  3. Change Management
  4. Resilience risk
  5. Third-party risk
  6. Execution and process errors
  7. Regulatory compliance
  8. Geopolitical risk
  9. Financial Crime and fraud
  10. Data management

As was the case in last year's survey, cyber risk takes the top two places. While ransomware attacks and cyber warfare concerns remain common fear factors, 2025's survey saw technological change emerge as the biggest factor driving infosec concerns for firms, covering technology employed by both attackers and financial firms. The increased capability of AI is central to this, having raised the ability of bad actors to mount cyber-attacks, amongst other things. All the other operational risks in the list also have some element of cyber risk. For example, Change Management often involves the rapid adoption of technologies like cloud computing and AI, and a core element of Resilience Risk is responding to major incidents, including cyber incidents such as the CrowdStrike outage. Cyber insurance is central to dealing with cyber risk, with coverage provided for several areas, including claims resulting from data breaches and security failures; ransom payments in response to ransomware attacks; costs to rectify impaired computer systems; and loss of income due to business interruption caused by certain cyber events.

Elements of many of the other risks in the list can be mitigated by insurance, including:

  • Execution and process errors: Professional Indemnity (PI) insurance can respond where errors have resulted in losses to clients. In addition, many Crime insurance policies cover the loss of funds that have been erroneously transferred and subsequently stolen.
  • Regulatory compliance: both Professional Indemnity and Directors and Officers (D&O) insurance respond to legal costs incurred in responding to certain non-routine regulatory investigations.
  • Financial crime and fraud: Crime insurance covers loss of funds resulting from a wide range of criminal actions.

Source: Risk.net, 31 March 2025

Greensill administrator sues founder

Greensill Capital’s administrator has filed a lawsuit on behalf of the insolvent company against its founder, Lex Greensill and six other former directors. Filed in early May in London’s High Court, court records list the case type as breach of fiduciary duty. In addition, the UK’s Insolvency Service last year launched proceedings to disqualify Lex Greensill from running or controlling companies for up to 15 years, the maximum possible ban. The government agency’s allegations included that the now 48-year-old financier made a series of misrepresentations about key insurance contracts.

Greensill Capital collapsed into administration in March 2021 as part of a sprawling political and financial scandal and led to billions of dollars in losses for investors in its financial products, including the now-defunct Swiss bank Credit Suisse. The firm’s most recent administrator’s report shows that USD 8.4bn has still not been repaid out of the USD 17.7bn of assets that Greensill Capital oversaw at the time of its collapse.

Proceedings brought against directors by administrators or other insolvency practitioners on behalf of insolvent companies, and separate actions brought by regulators, raise some important D&O insurance considerations. In the event of insolvency, directors are particularly exposed as their role in the events that led to the insolvency will be heavily scrutinised. However, coverage under D&O policies in such circumstances may not always be clear-cut. A key element in ensuring coverage for directors of insolvent companies is the right to purchase a six-year discovery period upon insolvency. That will effectively allow the policy to respond to claims and regulatory actions made in the six years following insolvency. However, not all policies include such discovery periods and may therefore expire before claims and regulatory actions are brought, leaving the directors uninsured. Further, where a discovery period is available, there may be insufficient funds available for it to be purchased. Many policies will also include an Insured v Insured exclusion, which will exclude claims brought on behalf of insolvent companies unless there is a specific exception to the exclusion for such claims. Finally, in some rare cases, policies have exclusions that exclude any claims or actions in connection with the insolvency of the insured company.

Thankfully, insolvency is not a major concern for the great majority of companies purchasing D&O insurance. However, given the heightened risk it poses, it is well worth discussing with your broker potential policy responses should it occur. Further, methods of funding additional premiums for discovery periods when the company is insolvent should be considered.

Source: The Financial Times, 1st May 2025


Tom Falcon

Technical Director, Financial Institutions

Thomas_Falcon@ajg.com

The Walbrook Building 25 Walbrook London, EC4N 8AW


Arthur J. Gallagher (UK) Limited is authorised and regulated by the Financial Conduct Authority. Registered Office: The Walbrook Building, 25 Walbrook, London EC4N 8AW. Registered in England and Wales. Company Number: 119013.