Bybit Exchange Hacked, Over $1.4 Billion In ETH Tokens Stolen

Bybit, a major cryptocurrency exchange, has reportedly fallen victim to one of the largest crypto hacks in history, with hackers stealing over $1.4 billion in Ethereum (ETH) from its cold wallet.

Early assessments suggest the breach resulted in the loss of more than $1 billion in ETH, along with other digital assets. Investigations into the incident are still ongoing.

Bybit’s co-founder and CEO, Ben Zhou, explained that the hackers managed to manipulate the exchange’s ETH cold wallet signers into approving a fraudulent transaction.

The attack involved a deceptive interface that tricked signers into unknowingly authorizing a malicious transfer. As a result, the hacker gained full control of the cold wallet and moved the assets to an unknown address.

Despite the breach, Zhou assured users that all other wallets remained secure and withdrawals were operating normally. He also emphasized that Bybit remains financially stable and fully capable of covering the losses.

“Bybit ETH multisig cold wallet just made a transfer to our warm wallet about 1 hr ago. It appears that this specific transaction was musked, all the signers saw the musked UI which showed the correct address and the URL was from Safe.

“However the signing message was to change the smart contract logic of our ETH cold wallet,” Ben Zhou posted to X, likely referring to a “masked” URL used to alter code while appearing legitimate.

“This resulted Hacker took control of the specific ETH cold wallet we signed and transferred all ETH in the cold wallet to this unidentified address. Please rest assured that all other cold wallets are secure. All withdraws are NORMAL.”

This incident ranks among the biggest crypto exchange hacks ever, surpassing previous breaches like Coincheck’s $534 million hack in 2018, Mt. Gox’s $470 million theft in 2014, and FTX’s $415 million loss during its bankruptcy in 2022.

Security researchers monitoring the situation found that the stolen funds were rapidly dispersed across multiple wallets.

The initial transaction sent around 400,000 ETH (worth approximately $1.1 billion) and other liquid staking tokens to a primary hacker-controlled address.

The hacker then divided the assets among several secondary addresses before swapping them through decentralized exchanges like Uniswap, Paraswap, and KyberSwap.

According to Arkham Research, the original hacker wallet now holds only $3.7 million in crypto.

Meanwhile, Bybit reassured users that its reserves remain strong, with over $20 billion in assets, including $6.9 billion in Bitcoin and $4.1 billion in USDT.

The exchange also moved $560 million worth of USDT from a treasury wallet to a hot wallet in response to the attack.

While Bybit has not yet disclosed how it plans to address the breach fully, the scale of this hack marks a significant event in the cryptocurrency industry.

ALSO READ: 17-Year-Old Graham Ivan Clark Arrested As Mastermind Behind Massive Bitcoin Twitter Hack