In a shocking security breach, cryptocurrency exchange Bybit has confirmed the theft of over $1.46 billion worth of Ethereum from one of its cold wallets. This marks the largest crypto heist in history, surpassing previous records.
How the Bybit Hack Happened
Bybit disclosed that the breach occurred when its ETH multisig cold wallet processed a transfer to a warm wallet. However, cybercriminals manipulated the signing process, tricking the system into displaying a legitimate address while secretly altering the smart contract’s logic.
“As a result, the attacker took control of the affected ETH cold wallet and moved the funds to an unidentified address,” Bybit explained in an official statement.
Security Measures and Investigation Underway
Bybit’s security team, alongside blockchain forensic experts, is actively investigating the incident. The company has also invited cybersecurity specialists to assist in tracking the stolen funds.
Reassuring its users, Bybit’s CEO stated:
- Other cold wallets remain secure.
- Client funds are unaffected.
- Exchange operations continue as normal.
- Bybit maintains full solvency and can cover the loss even if the stolen funds are not recovered.
“We appreciate any help in tracking these funds. Rest assured, our clients’ assets are fully backed 1:1,” the CEO added.
Bybit is Solvent even if this hack loss is not recovered, all of clients assets are 1 to 1 backed, we can cover the loss.
— Ben Zhou (@benbybit) February 21, 2025
The Hacker’s Next Moves
Crypto investigator ZachXBT reports that the hacker has already dispersed 10,000 ETH across 48 different wallets, making fund recovery more challenging.
Biggest Crypto Heist in History
This $1.46 billion hack dwarfs previous record-breaking breaches:
- Axie Infinity (March 2022): Hackers stole $620 million in Ethereum and USDC from the Ronin network, later linked to North Korean groups Lazarus and BlueNorOff.
- Poly Network (August 2021): Attackers siphoned $611 million across Binance Chain, Ethereum, and Polygon.
- North Korean Cyber Theft (2023-2024): The U.S., South Korea, and Japan reported that North Korea-backed groups stole over $659 million in crypto. Chainalysis later estimated the 2024 total at $1.34 billion across 47 cyberattacks.
What’s Next for Bybit and Crypto Security?
This breach underscores the growing sophistication of cyberattacks in the crypto industry. It also raises concerns about the security of cold wallets, previously considered one of the safest storage methods.
Bybit urges the crypto community to remain vigilant and follow best security practices to prevent similar incidents.
Could Your Crypto Be at Risk?
Bybit insists only the targeted ETH wallet was compromised. But the hack highlights chilling vulnerabilities:
- Cold wallets aren’t foolproof: Even “air-gapped” storage has weak points during transfers.
- Smart contract risks: Flaws in code execution can turn routine moves into disasters.
How to Protect Your Assets
Crypto expert Jane Lee advises: “Double-check transaction addresses manually – don’t trust displayed text. Use hardware wallets for large holdings, and monitor exchange security updates.”
Bybit users should enable 2FA and watch for official alerts. For deeper insights, check ZachXBT’s thread on X or the FBI’s 2023 crypto crime report.
