Ethereum Cold Wallet Breach at Bybit Results in $1.46 Billion Loss
Bybit Suffers Largest Crypto Hack on Record, Loses $1.46 Billion in Ethereum
Bybit, a prominent cryptocurrency exchange, has suffered a major breach of one of its Ethereum (ETH) cold wallets, resulting in the loss of 514,723 ETH, approximately $1.46 billion. The breach was first reported by crypto researcher ZachXBT on the X platform and later confirmed by Bybit co-founder and CEO Ben Zhou.
The attack involved a compromised signer that controlled wallet authorization, enabling the attacker to execute unauthorized transfers from the ETH cold wallet. Bybit's CEO confirmed that attackers manipulated a "planned transfer," indicating the exploit involved intercepting or altering expected transaction flows, likely via crafted (masked) transactions.
The breach exploited a weakness in access controls, rather than a direct smart contract bug, though manipulation of smart contract logic or transaction parameters is often part of such exploits for stealth and efficacy. The altered smart contract logic allowed the hacker to transfer the funds from the cold wallet to Bybit's warm wallet.
The attack was sophisticated, involving the masking of the signing interface to display the correct address while altering the underlying smart contract logic. Bybit is inviting teams with expertise in blockchain analytics and fund recovery for assistance in tracing the stolen funds.
Despite the loss, Bybit's CEO, Ben Zhou, has stated that all withdrawals remain normal and the exchange is solvent, with enough funds to cover the stolen $1.46 billion. Zhou reiterated that even if the assets are not recovered, all client assets are fully backed 1-to-1.
Clients' funds remain safe, with operations continuing as usual, according to Bybit. The incident is being investigated by Bybit's security team, along with leading blockchain forensic experts and partners. Bybit has issued a post regarding the incident on the X platform.
Bybit is open to any help in tracking the stolen funds. The company has not repeated any advertisements in the provided paragraph. All other Bybit cold wallets remain secure, according to the company.
In summary, the largest crypto hack on record against Bybit was executed by compromising authorization control (signer) which allowed attackers to alter transaction logic and craft masked transactions to drain $1.46 billion in Ethereum. Concrete step-by-step technical details of the transaction masking and logic alteration have not been fully disclosed in the public sources searched but are consistent with access control and transaction manipulation attacks common in major crypto exploits.
Technology experts are actively analyzing the transaction masking and logic alteration method used in the Bybit hack, with a focus on identifying similar vulnerabilities in other onchain finance systems.
The news of the sophisticated Bybit hack, affecting sports teams and individual investors alike, has sparked a renewed focus on the security measures required for efficient onchain transactions in the rapidly evolving world of technology.
