Key Points
- Bybit’s cold storage wallet was hacked, resulting in a loss of approximately $1.46 billion in Ethereum tokens.
- The sophisticated scheme involved the use of a fake user interface and malicious code.
Bybit, a cryptocurrency exchange, has experienced a significant security breach. The loss amounted to around $1.46 billion in Ethereum tokens. The funds were stolen from a cold storage wallet, typically considered one of the safest methods for storing digital assets. This incident highlights that even the most secure wallets can have vulnerabilities.
ZachXBT, a blockchain investigator, was the first to notice unusual outflows from Bybit’s wallets. On-chain data revealed a systematic scheme where mETH and stETH tokens were converted to Ethereum through decentralized exchanges.
The Breach Details
The breach was confirmed by Bybit’s CEO. The hackers used a technique involving a “masked” transaction method. This trick led the team to approve transfers that appeared normal, allowing the hackers to gain control of a significant offline wallet.
The attackers executed a complex scheme by creating an interface that mirrored the Safe wallet management platform. They replicated accurate address details and verified URLs to deceive Bybit’s security team. Transactions appeared legitimate, prompting the team to unknowingly authorize malicious code that altered the wallet’s smart contract logic.
This alteration allowed the hackers unrestricted access to Ethereum holdings, resulting in the theft of 401,347 ETH ($1.12 billion), 90,376 stETH ($253 million), 15,000 cmETH ($44 million), and 8,000 mETH ($23 million). The total amount of stolen assets reached nearly $1.46 billion.
Despite the significant loss, Bybit reassured its users that the breach was confined to a single cold wallet. The company stated that its other cold storage facilities, hot wallets, and warm wallets remain secure. Withdrawal functions across the platform continue to operate normally.
Tracking the Stolen Assets
Security teams worked with blockchain forensic experts and partners to track the stolen assets. Bybit shared a transaction link via Etherscan, asking the crypto community to assist in tracing the funds. Meanwhile, ZachXBT reported that the hacker distributed 10,000 ETH across 39 addresses and called on exchanges and services to blacklist them.
Despite the severity of the situation, Bybit CEO Ben Zhou reassured users of the exchange’s solvency. He stated that even if the stolen funds are not recovered, Bybit can cover the losses.
While this reassurance helps stabilize user confidence, the attack marks one of the largest successful breaches of a crypto exchange’s cold storage system. It underscores the increasing sophistication of cyber threats targeting digital asset platforms.
Following news of the attack, Ethereum’s price took a hit, dropping nearly 5% within an hour to trade at $2,729.
