Bybit Hacked, $1.46 Billion in ETH Moved to Unknown Wallets

Bybit, one of the world's largest cryptocurrency exchanges, has reportedly suffered a security breach following the detection of a massive outflow of Ether (ETH).

The incident was first exposed by on-chain analyst ZachXBT, who identified a suspicious transaction from Bybit’s wallet totaling $1.46 billion (approximately Rp23.8 trillion) on Friday night (Feb 21, 2025).

ZachXBT also shared the blockchain address linked to the outgoing funds, sparking speculation about a potential security breach or hack. Further analysis revealed that the outflow involved mETH and stETH, which were later converted back to ETH through a decentralized exchange (DEX).

“My source confirms that this is a security incident,” ZachXBT stated in a Telegram post.

Meanwhile, data from Arkham Intelligence indicated that the hacker had already transferred approximately 400,000 ETH worth $1 billion to multiple new wallet addresses.

Bybit Confirms Hack, Cold Wallet ETH Compromised

Bybit’s CEO, Ben Zhou, later confirmed the incident in a post on X, revealing that the hacker successfully took control of Bybit’s ETH cold wallet and transferred all its assets to an unknown address.

According to Zhou, Bybit’s ETH multisig wallet had just transferred funds to its warm wallet one hour before the attack occurred. However, the transaction was cleverly manipulated.

"All signers saw a normal-looking user interface displaying the correct address and URL from Safe," Zhou explained. "However, the actual signing message altered the smart contract logic of our ETH cold wallet, allowing the hacker to take full control and transfer all ETH to an unknown address."

Bybit Assures Users That Funds Remain Secure

Despite the large-scale breach, Zhou reassured users that Bybit’s hot wallets, warm wallets, and other cold wallets remain secure.

“The only compromised wallet was the ETH cold wallet. All withdrawals are operating as usual,” he confirmed.

Furthermore, Zhou emphasized that Bybit remains financially stable and that all user funds are secure.

“Bybit remains solvent, even if the stolen funds cannot be recovered. All client assets remain backed 1:1. We can cover this loss,” he concluded.

Temukan berita dan artikel lainnya di Google News