In this news:
Bybit, the Singapore-based cryptocurrency exchange, has confirmed a security breach that resulted in the theft of over $1.4 billion worth of Ethereum (ETH) from one of its cold wallets. The attack, which appears to have exploited vulnerabilities in the exchange’s multi-signature security system, was acknowledged by Bybit CEO Ben Zhou. Zhou stated that the breach affected only the platform’s Ethereum cold wallet, while all other assets and withdrawal operations remain unaffected.
He explained that the attackers used a deceptive technique to manipulate transaction approvals by misleading the wallet’s signers through a fraudulent user interface. The exploit involved an altered smart contract logic that enabled the hacker to seize control of the targeted cold wallet. The incident came to light after blockchain analysts, including ZachXBT, detected suspicious transactions involving approximately $1.46 billion worth of digital assets.
Initial findings indicate that the attackers transferred large sums of ETH to an address beginning with “0x476,” accumulating over 400,000 ETH (valued at around $1.1 billion), alongside 90,000 stETH, 15,000 cmETH, and 8,000 cETH. The stolen assets were then distributed across multiple addresses and quickly converted into other tokens via decentralized exchanges such as Uniswap, Paraswap, and KyberSwap. Bybit has emphasized that despite the breach, the crypto exchange remains solvent, with all client assets backed at a 1:1 ratio. Ben Zhou assured users that Bybit retains sufficient reserves to absorb the losses without impacting withdrawals or overall platform operations.
According to BitMEX Research, approximately 75% of Bybit’s ETH deposits were affected, though the crypto exchange still holds over $20 billion in total assets, including $6.9 billion in Bitcoin and $4.1 billion in USDT. The timing of the hack coincided with a previously scheduled system maintenance, raising further concerns among security researchers. Some have speculated that the attack may have been planned to coincide with the maintenance period, possibly to minimize detection and delay mitigation efforts.
Bybit’s response has focused on securing its remaining wallets and investigating the breach in collaboration with blockchain forensic teams. The company has not disclosed whether it intends to pursue legal action or seek law enforcement assistance to recover the stolen funds. Meanwhile, the hacker continues to fragment and redistribute the stolen assets, complicating efforts to track and reclaim them. The attack underscores the persistent risks facing centralized cryptocurrency exchanges, even those employing multi-signature security protocols. – By CryptoWire News Desk.
