Bybit Breached: Hackers Drain $1.5 Billion from Multi-Sig Cold Wallet

A security breach at cryptocurrency exchange Bybit has resulted in the loss of nearly $1.5 billion in crypto assets. The hack was confirmed by Bybit CEO Ben Zhou, who stated that the exchange’s Ethereum multi-signature cold wallet was compromised.

How the Hack Occurred

According to Zhou, the hackers managed to deceive all signers of the multi-sig wallet by masking a transaction. The signers believed they were approving a legitimate address, but were unknowingly authorizing changes to the smart contract managing Bybit’s ETH cold wallet.

This allowed the hackers to withdraw all Ether and Ether derivatives from Bybit’s wallet to an unknown address. The perpetrators then began swapping the stolen funds for Ethereum tokens on decentralized exchanges.

Tracking the Stolen Assets

Renowned on-chain sleuth ZachXBT reported that the hackers split the stolen assets across multiple addresses to evade tracking. He published a list of these addresses on his official Telegram channel, urging exchanges to blacklist them.

Here are some key points about the breach:

  • The breach occurred on February 21 and is believed to be one of the largest-ever exploits against a single crypto exchange.
  • The amount stolen accounts for more than 50% of the total crypto value siphoned in 2024.
  • Bybit CEO Ben Zhou assured users that the breach was isolated to the Ethereum cold wallet and that all other cold wallets are secure.

“Please rest assured that all other cold wallets are secure. All withdrawals are NORMAL.” – Ben Zhou

Lessons Learned

The breach highlights the importance of security and transparency in the cryptocurrency industry. Companies can take steps to mitigate the risk of similar breaches by:

  • Implementing robust security measures, such as multi-signature wallets and smart contract audits.
  • Providing transparent access to liquidation data and other critical information.
  • Conducting regular security audits and testing to identify vulnerabilities.

Stay up-to-date with the latest news on cryptocurrency and security breaches at Global Crypto News.

Post Views: 1