Massive $1.4 Billion Ethereum Hack Hits Bybit Exchange

Bybit, a prominent cryptocurrency exchange, has confirmed a staggering $1.4 billion hack involving its Ethereum cold wallet. The breach, which is one of the largest in cryptocurrency history, has raised significant concerns about security protocols within the industry. The attack exploited vulnerabilities in Bybit's multisig wallet, leading to the unauthorized transfer of a substantial amount of Ethereum and related assets.

Key Takeaways

• Bybit's Ethereum cold wallet was compromised, resulting in the theft of 401,347 ETH, 90,376 stETH, 15,000 cmETH, and 8,000 mETH.

• The attack was executed through a sophisticated manipulation of the multisig wallet interface, tricking signers into approving a fraudulent smart contract update.

• Bybit's CEO, Ben Zhou, assured users that other wallets remain secure and that the exchange is solvent, with all client assets backed 1:1.

Overview of the Hack

The breach occurred on February 21, 2025, when hackers managed to manipulate Bybit's multisig wallet interface. According to Ben Zhou, the founder of Bybit, the attackers masked the transaction details, making it appear legitimate to the signers. This deception allowed the hackers to gain control over the cold wallet and transfer the funds to unknown addresses.

The stolen assets included:

• 401,347 ETH (approximately $1.12 billion)

• 90,376 stETH (around $253 million)

• 15,000 cmETH (valued at $44 million)

• 8,000 mETH (worth about $23 million)

Immediate Impact on the Market

Following the announcement of the hack, the cryptocurrency market experienced a significant downturn. Major cryptocurrencies, including Bitcoin and Ethereum, saw sharp declines in their prices. Bitcoin briefly approached the $100,000 mark before falling back to around $97,000, while Ethereum dropped nearly 4% below $2,700. This incident has heightened fears regarding the security of cryptocurrency exchanges and the potential for further hacks.

Bybit's Response

In the wake of the breach, Bybit has taken several steps to address the situation:

• The exchange is collaborating with blockchain forensic experts to trace the stolen funds and recover the assets.

• Zhou emphasized that all other wallets, including hot and warm wallets, are secure, and normal withdrawal operations continue.

• Bybit has called for assistance from teams with expertise in blockchain analytics to help track the stolen assets.

Zhou reassured users that Bybit remains solvent and that the exchange can cover the losses if the stolen funds are not recovered. He stated, "All withdrawals are normal, and we are committed to ensuring the security of our users' assets."

Conclusion

The $1.4 billion hack of Bybit serves as a stark reminder of the vulnerabilities that exist within the cryptocurrency ecosystem. As exchanges continue to grow in popularity, the need for robust security measures becomes increasingly critical. The incident has sparked discussions about the importance of transparency and security in the crypto space, urging exchanges to enhance their protocols to protect users from future attacks.

Sources

• Bybit Founder Confirms $1.4 Billion Ethereum Hack, Blames 'Masked' Transaction - Benzinga, Benzinga.

• Bitcoin, Ethereum, and Dogecoin slump amid Bybit’s $1.4 billion security breach - TheStreet Crypto: Bitcoin and cryptocurrency news, advice, analysis and more, TheStreet.

• Ethereum’s Pectra Upgrade Goes Live on ‘Holesky’ Testnet, but Fails to Finalize, CoinDesk.

• ByBit suffers $1.5 billion Ethereum heist in cold wallet breach, CryptoSlate.

• One moment, please..., Coinspeaker.