Bybit, a major cryptocurrency exchange, has suffered a devastating security breach, with hackers making off with more than $1.4 billion in liquid-staked Ethereum (stETH), MegaETH (mETH), and other ERC-20 tokens. This incident marks one of the most significant crypto heists in recent history, sending shockwaves across the digital asset market and causing a sharp decline in Ethereum prices.
The exploit was first detected by onchain security analyst ZachXBT, who flagged suspicious outflows from Bybit shortly after the attack occurred. Bybit co-founder and CEO Ben Zhou confirmed the breach, explaining that a transfer from the exchange’s multisignature wallet to a warm wallet was manipulated through malicious source code designed to alter the smart contract logic of the wallet.
“The signing message was to change the smart contract logic of our ETH cold wallet,” Zhou stated. “The hacker took control of the specific ETH cold wallet we signed and transferred all ETH in the cold wallet to this unidentified address.”
Following the attack, ZachXBT reported that the stolen Ethereum was being split among 39 different addresses, likely in an effort to obfuscate the transaction history and evade tracking. Some of these funds have already been funneled through decentralized exchanges, a common tactic used by cybercriminals to launder stolen assets.
Bybit Assures Users That Client Funds Are Safe
Amid the massive breach, Bybit has reassured customers that their funds remain secure. In a statement posted on X (formerly Twitter), the exchange emphasized that cold wallets remain fully protected, and all withdrawals are operating normally.
Zhou further stated: “Bybit is solvent even if this hack loss is not recovered. All client assets are 1-to-1 backed—we can cover the loss.”
The hack has already impacted market sentiment, with Ethereum (ETH) dropping by over 3% following the announcement, bringing its price down to $2,727. Bitcoin (BTC) also experienced a slight dip, trading at $98,091.
The Bybit attack adds to a growing list of high-profile crypto exchange breaches over the past year, highlighting ongoing security vulnerabilities in the industry. With cybercriminals increasingly using sophisticated methods to manipulate smart contracts and multisig wallets, exchanges are under pressure to bolster security measures to prevent future exploits.
Bybit has called upon security experts and blockchain analysts to help track the stolen funds and identify the perpetrators. As investigations continue, the exchange remains committed to improving its security infrastructure and maintaining user confidence.
