Major Security Breach at Bybit

On February 21, 2025, at 14:16:11 UTC, a major security breach at Bybit resulted in the unauthorized movement of 401,346 ETH, worth approximately $1.13 billion, from exchange wallets. Whale Alert detected the massive transfer, revealing that Bybit’s cold wallet funds were sent to an unexpected destination.

> Bybit detected unauthorized activity involving one of our ETH cold wallets. The incident occurred when our ETH multisig cold wallet executed a transfer to our warm wallet. Unfortunately, this transaction was manipulated through a sophisticated attack that masked the signing…
> — Bybit (@Bybit_Official) February 21, 2025

Bybit Confirms Sophisticated Attack

The Bybit team disclosed that the breach stemmed from a highly complex attack targeting their multi-signature (multi-sig) Ethereum cold wallet. Attackers deceived the signing system into presenting verified transactions while altering the underlying smart contract logic in a covert manner. This manipulation allowed the hacker to gain unrestricted control of the compromised cold wallet, enabling them to transfer its entire balance to a secret account.

Bybit’s Response and Security Measures

Bybit has reassured users through an official announcement, stating the following points:

• All other cold wallets remained secure throughout this incident.
• Client deposit security operates independently from the breach.
• Standard operating procedures are uninterrupted while operations continue as expected.

The exchange launched an immediate investigation in collaboration with blockchain forensic specialists to trace the stolen funds. They also requested assistance from blockchain experts with asset tracing capabilities to help track down the stolen assets.

Are the Stolen Funds Being Sold?

It remains unclear if the stolen funds have been sold or when they might be. However, if attackers decide to offload these funds, it could lead to increased market volatility and a potential decline in ETH prices.

The exchange has pledged to maintain transparency during the investigation and will provide updates as new information becomes available.

What This Means for Crypto Security

This attack underscores significant vulnerabilities present even in the most secure crypto exchanges. Protection of crypto assets necessitates improved smart contract security, advanced threat detection systems, and enhanced wallet authentication technologies to defend against skilled cybercriminals.

The crypto community remains vigilant, monitoring suspicious ETH activity that could indicate the hacker’s next moves as Bybit works to recover from this incident.