Bybit Suffers $1.4 Billion Hack, CEO Confirms Security Breach
In a significant security breach, cryptocurrency exchange Bybit confirmed on Friday that it was attacked, resulting in the theft of over $1.4 billion in digital assets. This incident has sent shockwaves through the crypto market, leading to a decline in coin prices as investors grapple with the implications of the hack.
According to CEO Ben Zhou, more than $1.4 billion worth of Ethereum (ETH) and staked Ethereum (stETH) were withdrawn from the exchange’s hot wallet. A considerable portion of these stolen funds is reportedly being liquidated through decentralized exchanges.
In a statement posted on X (formerly Twitter), Zhou explained that a planned transfer had been manipulated, allowing the hacker to infiltrate the system. “The signing message was manipulated to change the smart contract logic of our ETH cold wallet,” he stated. “The hacker took control of a specific ETH cold wallet that we signed off on and transferred all the ETH in it to an unidentified address.”
Zhou reassured users that all other cold wallets remain secure and emphasized that normal withdrawal operations are still in effect. Amid the unfolding events, Ethereum’s price has dropped nearly 3% to approximately $2,727, while Bitcoin has seen a nearly 1% decline, bringing its price to around $98,091.
Prior to Zhou’s announcement, renowned pseudonymous security researcher ZachXBT alerted his followers to suspicious outflows from Bybit and indicated that the situation was indeed a “security incident.” Subsequent updates revealed that the stolen ETH is being distributed among 39 different addresses, suggesting that the attacker is attempting to obscure the origins of the funds to evade tracking.
Bybit later issued a statement confirming the occurrence of unauthorized activity related to one of its ETH cold wallets. The company explained that the incident took place during a transaction from its ETH multisig cold wallet to a warm wallet, which was compromised through a sophisticated attack that masked the true signing interface while altering the smart contract logic. This manipulation enabled the attacker to gain control and shift the assets to an unknown address.
In response to customer concerns, Zhou emphasized that the exchange remains financially stable, asserting, “Bybit is solvent even if this hack loss is not recovered. All of clients’ assets are 1-to-1 backed; we can cover the loss.”
Join our Channel...