
Update: CEO Ben Zhou stated during a livestream that the exchange is still processing withdrawals, but due to high demand, transactions may take longer than usual. Bybit is also discussing an ETH credit with partners to cover liquidity.
Binance founder Changpeng Zhao offered assistance and recommended temporarily suspending withdrawals as a precaution.
Crypto investigator ZachXBT reported suspicious outflows of $1.46 billion from Bybit accounts. Shortly after, Zhou confirmed the hack.
Bybit ETH multisig cold wallet just made a transfer to our warm wallet about 1 hr ago. It appears that this specific transaction was masked, all the signers saw the masked UI which showed the correct address and the URL was from @safe. However the signing message was to change…
— Ben Zhou (@benbybit) February 21, 2025
The CEO emphasized that only one wallet was affected, while other funds remain secure, and withdrawals are still available.
According to the official statement, the incident occurred during an ETH transfer from a cold multi-signature storage to a hot wallet.
Bybit detected unauthorized activity involving one of our ETH cold wallets. The incident occurred when our ETH multisig cold wallet executed a transfer to our warm wallet. Unfortunately, this transaction was manipulated through a sophisticated attack that masked the signing…
— Bybit (@Bybit_Official) February 21, 2025
The attackers altered the transaction signing interface so that every signer saw the correct destination address, while the message actually being signed changed the smart contract logic of the wallet. That change let the attackers take control of the ETH wallet and withdraw all funds to an unidentified address.
Bybit is conducting an investigation with experts and partners. Users’ funds remain safe, and the platform continues to operate.
According to ZachXBT, part of the stolen mETH and stETH has already been swapped for ETH through DEXs. A total of 10,000 ETH was split across 36 wallets. The investigator urged crypto platforms to block suspicious addresses from the provided list.
DeFi Llama founder 0xngmi noted that the attack methods resemble those used in the July 2024 breach of the Indian exchange WazirX, which lost around $235 million. Hackers in that case also manipulated transaction data.
For reference, Chainalysis reported that crypto fraud losses in 2024 reached $9.9 billion.