Bybit Crypto Exchange Hit by $1.5 Billion Hack – What’s Going On?
Bybit, one of the largest cryptocurrency exchanges, suffered a major security breach on Friday, leading to the unauthorized withdrawal of over $1.5 billion in liquid-staked Ether (ETH) and MegaETH (mETH).
JUST IN: Ethereum falls 4.5% after Bybit confirms $1.4 billion $ETH hack. pic.twitter.com/hWO04Omieq
— Watcher.Guru (@WatcherGuru) February 21, 2025
The hack triggered panic within the crypto community and caused ETH prices to drop more than 4%.
How Bybit Lost $1.5 Billion in a Sophisticated Crypto Heist
Bybit’s CEO, Ben Zhou, was the first to flag the breach, confirming that the attack had compromised the platform’s multi-signature ETH cold wallet.
Bybit ETH multisig cold wallet just made a transfer to our warm wallet about 1 hr ago. It appears that this specific transaction was musked, all the signers saw the musked UI which showed the correct address and the URL was from @safe . However the signing message was to change…
— Ben Zhou (@benbybit) February 21, 2025
Although the transaction initially appeared legitimate, it was actually a cleverly masked exploit that altered the smart contract logic. This allowed the attacker to take control of the wallet and siphon its contents.
Despite the substantial loss, Zhou reassured users that all other cold wallets remained secure and that withdrawals continued without disruption.
The exchange has mobilized its security team and blockchain forensic experts to investigate the attack and recover the stolen funds.
As the investigation unfolds, Bybit has enlisted blockchain security experts to track the stolen funds.
Meanwhile, blockchain tracking firm Arkham Intelligence reported that the hacker is distributing the stolen assets across multiple new addresses, likely in an attempt to obscure their movements.
ALERT: BYBIT HACKER SENDING FUNDS TO MULTIPLE NEW ADDRESSES pic.twitter.com/RbQkJxC3Lm
— Arkham (@arkham) February 21, 2025
The attack was executed through a highly sophisticated method known as “masked transactions.”
According to Bybit’s official statements, the malicious actors manipulated the UI of the transaction approval process.
Bybit’s transaction signers, responsible for authorizing withdrawals, believed they were approving a routine transfer from the ETH cold wallet to the platform’s warm wallet.
Bybit detected unauthorized activity involving one of our ETH cold wallets. The incident occurred when our ETH multisig cold wallet executed a transfer to our warm wallet. Unfortunately, this transaction was manipulated through a sophisticated attack that masked the signing…
— Bybit (@Bybit_Official) February 21, 2025
However, the underlying signing message was altered to change the smart contract logic of the cold wallet, granting the attacker full control over its funds.
Once access was obtained, the hacker quickly transferred the wallet’s ETH holdings to an unidentified address.
This type of attack suggests the involvement of an advanced threat actor capable of bypassing multiple layers of security through social engineering or direct system exploitation.
Bybit’s Response and Security Measures
Bybit assured users that its other cold wallets remained secure and that withdrawals continued without disruption.
The exchange also implemented additional security monitoring and forensic investigations to recover the stolen funds.
Security experts have urged the crypto community to blacklist addresses linked to the hack and avoid interacting with them.
Bybit has quickly implemented additional monitoring measures and is working to enhance its security protocols to prevent further incidents.
Additionally, scheduled maintenance has been announced for its live server, extending into the following day.
Ben Zhou reassured users that Bybit remains financially stable, stating that all client assets are backed 1-to-1.
Bybit is Solvent even if this hack loss is not recovered, all of clients assets are 1 to 1 backed, we can cover the loss.
— Ben Zhou (@benbybit) February 21, 2025
While the full extent of the damage is still under investigation, security experts continue to analyze the breach.
Initially, the crypto community reacted with panic before further clarifications were provided.
Bybit users are advised to remain cautious and monitor official updates.
Security professionals are now evaluating Bybit’s overall security infrastructure to prevent future incidents.
Source: cryptonews.com
