Bybit suffers major hack with over $1.46 billion in Ethereum stolen

Bybit suffers major hack with over $1.46 billion in Ethereum stolen

Bybit Suffers Historic $1.46 Billion Ethereum Hack, CEO Confirms Breach

Cryptocurrency exchange Bybit has fallen victim to one of the largest security breaches in digital asset history, with approximately $1.46 billion worth of Ethereum (ETH) being siphoned from its hot wallets. The platform’s CEO, Ben Zhou, confirmed the security breach, revealing that attackers managed to take control of an ETH cold wallet and execute unauthorized transfers to an unknown external address.

Massive Ethereum Outflow Raises Alarm

The first signs of trouble emerged when on-chain data revealed a massive transfer of 401,346 ETH, valued at $1.13 billion, moving from Bybit’s hot wallet to an unidentified wallet. This sparked immediate concerns within the cryptocurrency community, as such large transactions are typically associated with security breaches or internal restructuring. As fears of a hack grew, Ethereum’s market value suffered, plunging over 4% due to the rapid liquidation of stolen assets.

How the Hack Was Executed

Bybit CEO Ben Zhou provided insights into the method used by the hacker, explaining that the attack was conducted through a sophisticated deception technique known as “musked UI” spoofing. In this method, the attacker manipulated the user interface (UI) displayed to wallet signers, making them believe they were approving legitimate transactions. The fraudulent UI mirrored Bybit’s actual security interface, displaying the correct wallet address and URL from Safe.eth, a trusted multisig platform.

Once the fraudulent transaction was approved, the hacker altered the smart contract logic of the exchange’s ETH cold wallet, granting themselves full access. This allowed them to transfer the entirety of the wallet’s Ethereum holdings to their own address, completing the breach.

Comparison to Past Crypto Exchange Hacks

Security experts have drawn parallels between the Bybit hack and previous major exchange breaches, including the WazirX and Radiant Capital hacks of 2024. These incidents also relied on deceptive signing techniques and smart contract manipulation to trick wallet operators into granting unauthorized access. The similarities suggest that the perpetrators may be leveraging a highly coordinated and evolving attack strategy targeting crypto exchanges.

Immediate Aftermath and Ethereum Price Impact

Shortly after the breach, the hacker reportedly liquidated nearly $200 million worth of Lido Staked Ether (stETH) within the first 30 minutes, putting downward pressure on Ethereum’s market price. The rapid selling of stolen assets resulted in ETH dropping by more than 4% in a short period, adding to market instability.

Despite the severity of the attack, Bybit assured users that withdrawals remain operational and that all other cold wallets were unaffected. In a statement, Zhou emphasized that the exchange remains solvent, even if the stolen funds cannot be recovered.

Industry Response and Binance CEO’s Advice

Following the attack, Binance CEO Changpeng Zhao (CZ) responded publicly, recommending that Bybit temporarily halt all withdrawals as a security measure. Zhao also offered assistance in tracking and recovering the stolen assets.

“Not an easy situation to deal with. Might suggest halting all withdrawals for a bit as a standard security precaution. Will provide any assistance if needed,” CZ stated on social media.

Investigation and Future Security Measures

As Bybit investigates the attack, blockchain analysts and security firms are working to trace the movement of stolen funds in an effort to identify the perpetrator. This breach serves as a stark reminder of the persistent vulnerabilities within cryptocurrency exchanges and the critical need for enhanced security protocols, particularly in safeguarding large-scale cold wallets.

Further updates on Bybit’s response strategy and potential fund recovery efforts are expected in the coming days.