On February 21, 2025, a serious incident occurred at Bybit, one of the largest cryptocurrency exchanges. Initial reports surfaced on X (formerly Twitter) from well-known crypto experts.
Whale Alert reported that 401,346 ETH (approximately $1.13 billion) was allegedly transferred from Bybit's hot wallet to an unknown address. Cybersecurity experts from PerkShield also noted the suspicious transfer.
Ben Zhou confirmed the hacking of one of Bybit's cold wallets that stored ETH. Official confirmation later came from the exchange's official account.
What Happened to Bybit Crypto Exchange
A hacker attacked Bybit's multisignature cold wallet. To execute transactions with coins in this wallet, multiple signatures are required. However, the hackers employed a UI spoofing technique, causing signers to see the correct address and a legitimate URL from the Safe wallet management platform. In reality, they signed a transaction that altered the smart contract logic of the wallet.
As a result, the hacker gained control over a specific ETH cold wallet and transferred all tokens to an unknown address.
Subsequently, it was reported that $560 million in USDT was moved from Bybit's cold wallet to a hot wallet.
Experts from Arkham indicated that two minutes before the funds were withdrawn.
According to Meir Dolev, co-founder and CTO of the cybersecurity company Cyvers, two minutes before the funds were withdrawn, the hacker rewrote Bybit's secure multisignature wallet to delegate calls to a malicious contract.
"The hacker used a legitimate transaction as cover, and users signed it without understanding its essence. From that moment, the hackers gained control over their wallet and no longer needed additional signatures. This is very similar to attacks on WazirX and Radiant Capital," he noted
Bybit emphasized that all other cold wallets are secure. The exchange has not halted withdrawals.
"We want to assure our users and partners that all other Bybit cold wallets remain fully secure. All client funds are safe, and our operations continue as usual without any disruption," states the official announcement.
The company added that it is investigating the incident and welcomes assistance from any teams experienced in blockchain analytics, asset tracking, and fund recovery.
Market Reaction
The price of Ethereum reacted sharply by dropping 3% within minutes due to large-scale liquidations. Nearly $200 million in Lido Staked Ether (stETH) was sold within the first 30 minutes following the news.
Some users are urging to withdraw funds from the cryptocurrency exchange urgently, while others are confident that the platform will be able to recover the stolen assets.
"Crypto is so centralized when it needs to be that I have no doubt about the return of funds," wrote one community member.
Meanwhile, the former CEO of the cryptocurrency exchange Binance advised Bybit to halt withdrawals.
"Not an easy situation to deal with. Might suggest to halt all withdrawals for a bit as a standard security precaution. Will provide any assistance if needed. Good luck!", he wrote
The article is being updated.
