Key Points
Bybit recently confirmed a breach of its multi-signature cold wallet. This happened just hours after the crypto exchange increased access to liquidation data for transparency.
Details of the Breach
Ben Zhou, Bybit CEO, revealed that hackers infiltrated the exchange’s Ethereum (ETH) multi-signature cold wallet. They drained almost $1.5 billion in crypto. The renowned on-chain sleuth, ZachXBT, first brought this breach to the public’s attention. He noticed suspicious withdrawals from Bybit.
Multi-signature wallets are used by companies to prevent single points of failure. Multiple parties need to approve a transaction. If a signer is compromised, the other signers can refuse to authorize fund transfers. Unfortunately, the hackers managed to deceive all signers in this case.
Zhou explained that the attackers tricked the wallet’s signers by masking a transaction. The team thought they were approving a legitimate address. In reality, they were unknowingly authorizing changes to the smart contract managing Bybit’s ETH cold wallet.
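An added example, not part of the original report and not Bybit's tooling: a signer-side check for the failure described above, comparing what the signing interface displays with the raw payload being signed, and showing that an approval threshold only protects when signers verify that payload independently. All field names, addresses, the allowlist and the threshold are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Displayed:          # what the signing interface shows (hypothetical fields)
    to: str
    value_wei: int

@dataclass(frozen=True)
class RawPayload:         # what is actually submitted for signature (hypothetical)
    to: str
    value_wei: int
    data: bytes = b""     # non-empty means a contract call, not a plain transfer

def check_payload(shown, raw, allowlist):
    """Return reasons a signer should refuse; an empty list means consistent."""
    allowed = {a.lower() for a in allowlist}
    problems = []
    if raw.to.lower() != shown.to.lower():
        problems.append("destination differs from displayed address")
    if raw.value_wei != shown.value_wei:
        problems.append("amount differs from displayed amount")
    if raw.to.lower() not in allowed:
        problems.append("destination not on allowlist")
    if raw.data:
        problems.append("payload carries contract call data")
    return problems

def multisig_approves(shown, raw, allowlist, signers_verify, threshold):
    """signers_verify[i] is True when signer i decodes the raw payload on an
    independent path, False when that signer trusts the display alone."""
    approvals = 0
    for verifies in signers_verify:
        if verifies and check_payload(shown, raw, allowlist):
            continue      # this signer refuses to sign
        approvals += 1
    return approvals >= threshold

# Constructed sample values, not taken from the incident.
WARM = "0x" + "22" * 20
OTHER = "0x" + "99" * 20
SHOWN = Displayed(to=WARM, value_wei=10**18)
HONEST = RawPayload(to=WARM, value_wei=10**18)
MASKED = RawPayload(to=OTHER, value_wei=0, data=bytes.fromhex("deadbeef"))

if __name__ == "__main__":
    print(check_payload(SHOWN, MASKED, {WARM}))
    print(multisig_approves(SHOWN, MASKED, {WARM}, [False, False, False], 2))
    print(multisig_approves(SHOWN, MASKED, {WARM}, [True, True, False], 2))
```

With a 2-of-3 threshold, a single verifying signer is not enough to stop the masked payload; at least two must check the raw data on a path the display cannot influence.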
This deception allowed the hackers to withdraw all Ether and Ether derivatives from Bybit’s wallet. They transferred these to an unknown address. ZachXBT reported that the criminals started exchanging the stolen funds for Ethereum tokens on decentralized exchanges.
ZachXBT also pointed out that the hackers divided the stolen assets across multiple addresses. This was done to avoid tracking. The blockchain investigator shared a list of these addresses on his official Telegram channel. He encouraged exchanges to blacklist these addresses.
Zhou confirmed that the breach was limited to Bybit’s Ethereum cold wallet. He reassured users that all other cold wallets are secure. He also stated, “All withdrawals are NORMAL.”
The attack on Feb. 21 might be the largest-ever exploit against a single crypto exchange. The stolen amount of $1.46 billion accounts for over 50% of the total crypto value stolen in 2024. This story is still developing.