Bybit confirmed a $1.4 billion hack on its Ethereum cold wallet, with attackers exploiting a “masked” transaction technique. CEO Ben Zhou assured users that customer funds remain secure and withdrawals are unaffected.
There was a big security breach at Bybit that caused over $1.4 billion worth of crypto assets to be taken out of its Ethereum cold wallet. Even though the company lost money, CEO Ben Zhou reassured users that their money is safe and fully covered.
On-chain expert ZachXBT was the first to notice the breach. At 10:20 AM ET, he noticed that $1.46 billion was being taken out of Bybit wallets without a reason. He also connected the transactions to a blockchain address, which led to more rumors about a security hole. At that point, Bybit had not made a public statement.
In the end, ZachXBT showed that the address in question had traded mETH and sETH for ETH on decentralized platforms, which was a breach of security. He later heard from sources that it really was an attack.
ZachXBT found the hack, and within 30 minutes, Bybit’s CEO admitted to it. Zhou said the attackers tricked Bybit’s team into accepting a fake transfer by using a “masked” transaction method.
Attackers changed the user interface of Bybit so that it showed a real address and Safe wallet URL. This tricked the team into signing the fake transaction.
But the transaction that was signed had harmful code hidden inside it that changed the way the cold wallet’s smart contract worked. The thieves were then able to take ETH by taking control of the bank.
Bybit made it clear that the problem only affected one cold wallet and that all other cold storage wallets are still safe. The exchange also let users know that transactions would continue as usual.
