February 23, 2025
Home » Cryptocurrency Cybersecurity Ethereum Hacking Security Startup Spotlight Startups Tech Startup News Tech Startups Technology News

Bybit Hacked: Hackers steal $1.5 billion from Bybit – largest crypto exchange hack to date

Nickie Louise Posted On February 22, 2025
0
266 Views


Dubai-based cryptocurrency exchange Bybit has been hit with what could be the biggest crypto heist to date. Hackers stole around $1.5 billion worth of Ethereum after breaching one of the company’s cold wallets. The attackers transferred approximately 401,000 ETH to an unknown address, raising serious concerns about security in the crypto industry.

Bybit CEO Ben Zhou confirmed the breach and assured users that the exchange remains solvent, with all client assets fully backed. He emphasized that withdrawals and unaffected wallets are still operational. Following the attack, Bybit processed over 350,000 withdrawal requests.

Largest Crypto Exchange Hack of All Time

“Bybit is Solvent even if this hack loss is not recovered, all of clients assets are 1 to 1 backed, we can cover the loss,” Zhou said following the incident, adding that the firm’s other wallets and withdrawals were not affected. The company said it has more than $20 billion in assets under management.

How It Happened

Zhou explained that the hack took place during what should have been a routine transfer from a cold wallet—an offline storage system— to a warm wallet used for daily transactions.

“Unfortunately, this transaction was manipulated through a sophisticated attack that masked the signing interface, displaying the correct address while altering the underlying smart contract logic,” Bybit said in a post on X.

In another post on X, Bybit said it detected unauthorized activity in one of its ETH cold wallets during a routine transfer to a warm wallet. Hackers manipulated the signing interface, making the transaction appear legitimate while altering the underlying smart contract logic. This allowed them to take control of the cold wallet and move funds to an unknown address.

“As a result, the attacker was able to gain control of the affected ETH cold wallet and transfer its holdings to an unidentified address.”

Bybit’s security team is investigating the breach with blockchain forensic experts and industry partners. The company is inviting teams specializing in blockchain analytics and fund recovery to assist in tracking the stolen assets.

The attacker was able to take control of the cold wallet and move its holdings to an unknown address.

“Bybit is solvent even if this loss is not recovered. All client assets are fully backed. We can cover the loss,” Zhou stated, adding that the exchange holds over $20 billion in assets.

Tracing the Stolen Funds

Blockchain forensic teams are working to track down the stolen funds. Research firm Arkham Intelligence reported that the stolen Ethereum is already being moved to new addresses and sold off.

ZachXBT, a well-known blockchain investigator, traced the theft to North Korean state-sponsored hackers. The attack bears similarities to previous breaches at WazirX and Radiant Capital, where attackers tricked users into signing fraudulent transactions.

Breaking Down the Exploit

The hackers used several techniques to pull off the attack, including:

  • Address Manipulation: The “to” address appeared normal in the UI but redirected funds to a malicious wallet in the background.
  • Delegate Call Exploit: The transaction contained an operation type that allowed an external contract to execute code with full control.
  • Storage Slot Manipulation: The hackers altered a key storage slot in the contract, swapping Bybit’s legitimate security settings with their own malicious version.

Could This Have Been Prevented?

Security experts say the attack could have been avoided with stricter verification processes:

  • Proper Hardware Wallet Checks: Transactions should be reviewed directly on a hardware wallet, not just in the UI.
  • Avoiding Blind Signing: Many wallets don’t display full transaction details, leading users to approve transactions without knowing exactly what they’re signing.
  • Using Blockchain Explorers: While Etherscan didn’t flag the contract changes, BlockScout correctly identified the exploit.

The Bigger Picture

This attack is a reminder of the security challenges facing the crypto industry. More than $2.2 billion has been stolen from crypto platforms this year alone, according to Chainalysis.

Bybit is now working with forensic experts to recover the stolen funds, but for now, the hackers remain unidentified. Until security improves, users should take extra precautions before signing transactions.

Founded in March 2018, Bybit offers a professional crypto exchange platform where crypto traders can find an ultra-fast matching engine, excellent customer service, and multilingual community support. Currently, Bybit is the world’s third most visited cryptocurrency exchange with more than 5 million registered users.




Trending Now
Meta AI in panic mode as free open-source DeepSeek gains traction and outperforms for far less
Nickie Louise January 24, 2025
DeepSeek R1 reproduced for $30: Berkeley researchers replicate DeepSeek R1 for $30—casting doubt on H100 claims and controversy
Nickie Louise January 31, 2025
- Advertisement -

You are reading
Bybit Hacked: Hackers steal $1.5 billion from Bybit – largest crypto exchange hack to date
Share No Comment