Bybit hit with $1.4 billion hack targeting its Ethereum cold wallet
Attackers used social engineering to bypass bybit's defenses, manipulating smart contracts for massive theft.
Key Takeaways
- Bybit lost $1.4 billion due to a phishing attack impacting a cold wallet.
- The attack involved mETH and stETH tokens swapped for ETH through a sophisticated scheme.
Share this article
Crypto exchange Bybit has confirmed a massive hack that resulted in over $1.4 billion worth of crypto assets being drained from the exchange’s Ethereum cold wallet. Despite substantial losses, CEO Ben Zhou insisted that customer money is secure and will be covered.
The incident came to light after on-chain analyst ZachXBT flagged suspicious outflows from Bybit wallets, totaling $1.46 billion at 10:20 AM ET. The investigator also shared a blockchain address associated with the outflows. The large sum of money involved has prompted speculation about a potential security breach or hack. Bybit did not release an official statement at the time.
ZachXBT also pointed out that the suspicious address had swapped mETH and sETH for ETH on decentralized exchanges. He later learned from sources that it was a security incident.
Within 30 minutes of ZachXBT’s initial alert, Bybit CEO confirmed the security breach. In a statement, Zhou explained that the attackers likely employed a “masked” transaction technique to carry out the exploit.
Bybit ETH multisig cold wallet just made a transfer to our warm wallet about 1 hr ago. It appears that this specific transaction was musked, all the signers saw the musked UI which showed the correct address and the URL was from @safe . However the signing message was to change…
— Ben Zhou (@benbybit) February 21, 2025
This involved deceiving Bybit’s team into authorizing a malicious transaction by displaying a legitimate-looking user interface. The UI showed the correct address and URL from Safe, a widely used wallet management platform, making the transaction appear authentic.
However, the actual transaction signed by the Bybit team contained malicious code that altered the smart contract logic of the targeted cold wallet. This effectively granted the attackers control, allowing them to drain ETH from the wallet.
Bybit said that only one cold wallet was compromised and that all other cold wallets remain secure. The exchange also reassured users that withdrawals are proceeding normally.
Share this article
