Bybit’s ETH cold wallet exploited for $1.46b

Bybit confirmed that its multi-sig cold wallet was breached, just hours after the crypto exchange increased access to liquidation data for transparency.

Bybit CEO Ben Zhou stated that hackers infiltrated the exchange’s (ETH) multi-signature cold wallet, draining nearly $1.5 billion in crypto. The breach was first flagged by renowned on-chain sleuth ZachXBT, who alerted the public to suspicious withdrawals from Bybit.

Companies use multi-signature wallets to mitigate single points of failure, as multiple parties must approve a transaction. If one signer is compromised, the others can refuse to authorize fund transfers. However, in this case, the hackers managed to deceive all signers.

According to Zhou, the attackers masked a transaction to mislead the wallet’s signers. While the team believed they were approving a legitimate address, they were unknowingly authorizing changes to the smart contract managing Bybit’s ETH cold wallet.

This allowed the hackers to withdraw all Ether and Ether derivatives from Bybit’s wallet to an unknown address. The perpetrators then began swapping the stolen funds for Ethereum tokens on decentralized exchanges, ZachXBT reported.

ZachXBT also noted that the hackers split the stolen assets across multiple addresses to evade tracking. The blockchain investigator published a list of these addresses on his official Telegram channel, urging exchanges to blacklist them.

Meanwhile, Zhou assured users that the breach was isolated to Bybit’s Ethereum cold wallet.

“Please rest assured that all other cold wallets are secure. All withdrawals are NORMAL,” Zhou added.

The attack on Feb. 21 may be the largest-ever exploit against a single crypto exchange. At $1.46 billion, the amount stolen accounts for more than 50% of the total crypto value siphoned in 2024.

This is a developing story.