Key Points:
- Hackers stole $1.4 billion in ETH from Bybit’s cold wallet by disguising a malicious transaction as a routine transfer.
- The stolen funds are being moved across multiple wallets and sold on decentralized exchanges (DEXs).
- Bybit says all other wallets are secure, and withdrawals are still working as normal.
On February 21, crypto exchange Bybit suffered a major security breach, with hackers successfully stealing $1.4 billion worth of ETH and stETH. The attack was discovered when large amounts of ETH were unexpectedly moved to unknown addresses.
Bybit CEO Ben Zhou explained that the hack happened because the exchange’s multi-signature cold wallet was compromised. The attackers masked the transaction interface shown to the signers, making the transaction look like a routine transfer to Bybit’s warm wallet.
Bybit ETH multisig cold wallet just made a transfer to our warm wallet about 1 hr ago. It appears that this specific transaction was masked, all the signers saw the masked UI which showed the correct address and the URL was from @safe. However the signing message was to change…
— Ben Zhou (@benbybit) February 21, 2025
However, the real transaction altered the smart contract logic, giving the hackers control over the cold wallet and allowing them to withdraw all ETH.
How the Funds Are Being Moved and Sold
After gaining control of the wallet, the hackers sent the stolen ETH to a fresh address (0x4766…86E2) before transferring it again to another wallet (0xa4b2…449e). These funds are now being sold for ETH on multiple decentralized exchanges, including Curve, Uniswap, and 1inch.
So far, over $200 million worth of stETH has already been sold, with more being swapped in smaller transactions. The use of multiple DEXs suggests that the attackers are trying to avoid detection and make tracking harder.