The cryptocurrency exchange Bybit recently fell victim to a massive security breach, resulting in the theft of more than $1.4 billion worth of Ethereum. Cybersecurity analysts have described the incident as one of the largest hacks ever targeting a digital asset platform.
How the Hack Occurred
Bybit, a Dubai-based exchange, reported that the attack took place while it was transferring assets from a “cold” wallet—an offline storage method considered highly secure—to an online “warm” wallet. According to the company, hackers exploited a sophisticated vulnerability that manipulated the signing interface, displaying legitimate transaction details while covertly altering the underlying smart contract logic.
“This attack was executed through an advanced technique that masked the interface, showing a valid address while redirecting funds to an unauthorized destination,” Bybit stated in a post on X (formerly Twitter).
On-Chain Investigation and Scope of the Breach
Blockchain investigator ZachXBT was among the first to flag suspicious outflows from Bybit, reporting that over $1.46 billion had been siphoned out of the exchange. Further analysis indicated that the stolen Ethereum was split into 48 separate addresses, making tracking and recovery more complex.
Bybit CEO Ben Zhou addressed the situation in a livestream, confirming that approximately 401,000 ETH had been stolen. He reassured users that other wallets remained secure and emphasized that the exchange had sufficient liquidity to cover withdrawals despite the breach.
“We’ve seen a surge in withdrawals over the last few hours, with 4,000 pending transactions as of our latest update,” Zhou said. “Bybit operates on a one-to-one reserve system, ensuring that customer funds remain fully backed.”
Potential Vulnerability in Safe Wallets
While the exact method of attack is still under investigation, Zhou speculated that the breach could be linked to the wallet provider Safe, which Bybit uses for its Ethereum cold storage.
“There is a possibility that a Safe server was compromised, but we do not have definitive proof at this stage,” he noted.
Safe, in response, stated that they had not found any evidence of a breach in their official front-end system but were pausing certain functionalities as a precautionary measure.
Impact and Response
Before the attack, Bybit reportedly held more than $16 billion in reserve assets. To mitigate losses, Zhou announced that the exchange had already secured bridge loans to cover 80% of the stolen Ethereum, ensuring continued operations and user withdrawals.
This incident adds to the growing list of major cryptocurrency heists, alongside the Ronin Network and Poly Network breaches, each of which saw losses exceeding $600 million.
Security firms have frequently pointed to state-backed hacking groups, including North Korea’s Lazarus Group, as major perpetrators of such attacks. According to blockchain analytics firm Chainalysis, crypto-related hacks accounted for $2.2 billion in stolen funds last year alone.
Conclusion
Bybit’s breach serves as yet another reminder of the vulnerabilities in digital asset security, even for well-established exchanges. As investigations continue, the broader crypto industry is once again called to strengthen security frameworks to prevent future large-scale exploits.
If you prefer you can follow us on Telegram for the biggest news updates in the industry:
Or on X:
