Bybit loses $1.4B in hacked wallet transfer, remains solvent despite the breach as Ethereum price drops 2%.
Bybit suffered a security breach today, with attackers stealing approximately $1.4 billion in Ethereum-based tokens. The incident triggered a market reaction, with Ethereum's price dropping by 2% to $2,685, while Bitcoin saw an over 1% decline to $96,632.
Source: Ethereum price page
Bybit CEO Ben Zhou confirmed the hack occurred when attackers exploited a planned transfer between the exchange's wallets.
"The signing message was to change the smart contract logic of our ETH cold wallet," Zhou explained.
In other words, while Bybit's team thought they were approving a routine transfer between wallets, they were actually signing a transaction that modified their cold wallet's smart contract, giving the attacker the ability to withdraw funds.
The attacker gained control of a specific ETH cold wallet and transferred its contents to an unidentified address.
In a follow-up statement, Zhou indicated that rather than immediately purchasing ETH to cover the losses, Bybit would work with partners to secure bridge loans. The exchange is experiencing transaction volumes 100 times higher than normal, leading to processing delays, particularly for large withdrawals.
Binance founder, CZ, responded to the incident by suggesting Bybit temporarily halt withdrawals as a security precaution, offering assistance. Safe Wallet, meanwhile, has temporarily paused certain functionalities while their security team investigates the incident.
SlowMist, a blockchain security firm, noted similarities to a previous hack of Radiant Capital attributed to North Korean hackers.
Security researcher ZachXBT, who first spotted suspicious outflows from the exchange, reported that the stolen funds were being distributed across 39 different addresses, apparently in an attempt to obscure the money trail.
In an official statement, Bybit detailed the attack's mechanics: "The incident occurred when our ETH multisig cold wallet executed a transfer to our warm wallet. Unfortunately, this transaction was manipulated through a sophisticated attack that masked the signing interface, displaying the correct address while altering the underlying smart contract logic."
Despite the significant loss, Zhou assured users that the exchange remains financially stable.
The exchange confirmed that other cold wallets remain secure and withdrawals are functioning normally.
The breach has sparked responses across the cryptocurrency ecosystem. Ethena Labs assured users that their USDe stablecoin remains fully collateralized, with less than $30 million in unrealized PNL related to Bybit hedge positions, representing less than half of their reserve fund.
This incident adds to a series of security breaches in the cryptocurrency sector during February 2025. Earlier this month, ZkLend, a Starknet-based money-market protocol, lost $9.5 million in an exploit, though the funds were later returned through the Railgun protocol.
The stolen assets included liquid-staked Ether (stETH), Mantle Staked ETH (mETH), and various other ERC-20 tokens.
This article contains links to third-party websites or other content for information purposes only (“Third-Party Sites”). The Third-Party Sites are not under the control of CoinMarketCap, and CoinMarketCap is not responsible for the content of any Third-Party Site, including without limitation any link contained in a Third-Party Site, or any changes or updates to a Third-Party Site. CoinMarketCap is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement, approval or recommendation by CoinMarketCap of the site or any association with its operators. This article is intended to be used and must be used for informational purposes only. It is important to do your own research and analysis before making any material decisions related to any of the products or services described. This article is not intended as, and shall not be construed as, financial advice. The views and opinions expressed in this article are the author’s [company’s] own and do not necessarily reflect those of CoinMarketCap. CoinMarketCap is not responsible for the success or authenticity of any project, we aim to act as a neutral informational resource for end-users.
