Cryptocurrency exchange Bybit has revealed a $1.4 billion hack of its Ethereum cold wallet, one of the largest crypto thefts in history. The attack involved a sophisticated scheme that manipulated a planned transfer, allowing the hacker to drain the funds from the cold wallet to an unidentified address. Over $1.46 billion worth of Ethereum (ETH) and staked Ethereum (stETH) was stolen.
The hacker exploited a "masked" UI and URL, deceiving wallet signers into unknowingly approving a malicious transaction. This allowed the attacker to alter the smart contract logic and gain control of the ETH cold wallet.
"Bybit detected unauthorized activity involving one of our ETH cold wallets," the company wrote on X Friday. "The incident occurred when our ETH multisig cold wallet executed a transfer to our warm wallet. Unfortunately, this transaction was manipulated through a sophisticated attack that masked the signing interface, displaying the correct address while altering the underlying smart contract logic. As a result, the attacker was able to gain control of the affected ETH cold wallet and transfer its holdings to an unidentified address.
"Our security team, alongside leading blockchain forensic experts and partners, is actively investigating the incident. Any teams with expertise in blockchain analytics and fund recovery who can assist in tracing these assets are welcome to collaborate with us.
"We want to assure our users and partners that all other Bybit cold wallets remain fully secure. All client funds are safe, and our operations continue as usual without any disruption. Transparency and security remain our top priorities, and we will provide updates asap."
A report by blockchain investigator ZachXBT provided strong evidence linking the attack to the Lazarus Group, a hacking organization linked to North Korea.
Bybit is working with blockchain forensic experts to investigate the incident and trace the assets, and it has secured around 80% of the funding needed to cover the loss through partner bridge loans.
The company's CEO Ben Zhou wrote on X, "Bybit is Solvent even if this hack loss is not recovered, all of clients assets are 1 to 1 backed, we can cover the loss."
The CEO in a later update wrote: "Since the hack (10 hrs ago), Bybit has experienced the most number of withdraws that we have ever seen, We have had a total number of more than 350k withdraws requests, so far, around 2100 withdraw requests left to be processed. Overall 99.994% withdraws have been completed. If your withdraws are completed, please leave a comments here.
"Although we have been hit by the worst hack possibly in the history of any medians (banks, crypto, finance), But all Bybit functions and product remain functional, the Whole team had been awake all night to process and answer client questions and concerns. ALL hands on DECK. Rest assured, we are here with you."
The hack caused significant volatility in the cryptocurrency market, with Ethereum (ETH) experiencing a sharp dip from the $2,850 key level, declining by 6%.
The incident has raised questions about the security of non-bitcoin digital assets.