In a devastating security breach, Singapore-based cryptocurrency exchange Bybit has fallen victim to a sophisticated hack on 21 February, resulting in the theft of approximately $1.5 billion (S$2.01 billion) worth of Ethereum (ETH).
This incident marks one of the largest heists in the history of digital assets, raising significant concerns about the security measures employed by cryptocurrency platforms.
The breach was officially confirmed by Bybit’s Co-Founder and CEO, Ben Zhou, who detailed the nature of the attack.
According to Zhou, who is based in Singapore, the hackers exploited a vulnerability in Bybit’s multi-signature (multisig) cold wallet system.
During a routine transfer from the cold wallet to a warm wallet, the attackers manipulated the process by masking the user interface (UI) presented to the wallet signers.
This deception led the signers to authorize a transaction that, unbeknownst to them, altered the smart contract logic of the ETH cold wallet. As a result, the hackers gained control over the wallet and transferred all its Ethereum holdings to an unidentified address.
Zhou addressed the incident on social media, explaining that the hack occurred due to a masked transaction that tricked wallet signers into unknowingly altering the smart contract logic of the exchange’s ETH cold wallet. This allowed the hacker to take control and transfer all Ethereum holdings to an unidentified address. Bybit assures that all other cold wallets remain secure and withdrawals are unaffected.
Bybit ETH multisig cold wallet just made a transfer to our warm wallet about 1 hr ago. It appears that this specific transaction was musked, all the signers saw the musked UI which showed the correct address and the URL was from @safe . However the signing message was to change…
— Ben Zhou (@benbybit) February 21, 2025
In the wake of the attack, Bybit’s security team has launched a comprehensive investigation and is collaborating closely with law enforcement agencies to track down the perpetrators and recover the stolen funds.
The company has also reached out to blockchain analytics and fund recovery specialists, seeking assistance in tracing the illicit transfers.
Despite the enormity of the theft, Bybit has assured its users that their funds remain safe and that the exchange has sufficient reserves to cover any losses.
Zhou emphasized the platform’s solvency, stating that even if the stolen assets are not recovered, all client assets are backed on a one-to-one basis, and operations will continue without disruption.
The stolen Ethereum, amounting to over 400,000 tokens, was swiftly moved to multiple unidentified addresses.
Blockchain analysis firms have been tracking these movements, noting that the funds have begun to disperse across various wallets, a common tactic employed by hackers to obfuscate the trail and hinder recovery efforts.
This incident serves as a stark reminder of the persistent security challenges facing the cryptocurrency industry. Despite advancements in security protocols, hackers continue to develop sophisticated methods to exploit vulnerabilities.
The Bybit hack surpasses previous high-profile thefts, such as the $611 million (S$818 million) Poly Network hack in 2021 and the $570 million (S$763.8 million) Binance hack in 2022, underscoring the escalating scale of such attacks.
Analysts at blockchain intelligence firm Elliptic have linked the attack to North Korea’s Lazarus Group, a state-sponsored hacking collective notorious for siphoning billions of dollars from the cryptocurrency industry.
The group is known for exploiting security vulnerabilities to finance North Korea’s regime, often using sophisticated laundering methods to obscure the flow of funds.
“We’ve labelled the thief’s addresses in our software to help prevent these funds from being cashed out through any other exchanges,” said Tom Robinson, chief scientist at Elliptic.
The breach immediately triggered a rush of withdrawals from Bybit as users feared potential insolvency.
However, Zhou reassured customers that outflows had stabilized and announced that Bybit had secured a bridge loan from undisclosed partners to cover any unrecoverable losses and maintain operations.
The Lazarus Group has a long history of targeting crypto platforms, dating back to 2017 when it infiltrated four South Korean exchanges and stole $200 million (S$268 million) worth of bitcoin.
As law enforcement agencies and crypto tracking firms work to trace the stolen assets, industry experts warn that large-scale thefts remain a fundamental risk in the cryptocurrency sector.
“The more difficult we make it to benefit from crimes such as this, the less frequently they will take place,” Elliptic’s Robinson wrote in a post.
The broader cryptocurrency market has reacted to the news with notable volatility.
Following the announcement of the hack, the price of Bitcoin experienced a decline, falling from $99,000 (S$132,660) to $95,000 (S$127,300).
Ethereum’s value also saw a downturn, reflecting the market’s sensitivity to security breaches within major exchanges.
The post Bybit suffers unprecedented US$1.5 billion Ethereum theft in sophisticated hack appeared first on The Online Citizen.
