Bybit, one of the leading cryptocurrency exchanges, has confirmed it was the victim of a massive hack on February 21, 2025, resulting in the theft of $1.46 billion worth of Ethereum (ETH). The attack raises alarm bells throughout the cryptocurrency trading community, marking it as one of the largest thefts relied upon by hackers exploiting advanced methods to bypass security measures.
The breach was reported by ZachXBT, a well-known detective within the cryptocurrency sector, who noted suspicious outflows exceeding $1.46 billion from Bybit’s accounts. Shortly thereafter, Bybit’s CEO, Ben Zhou, confirmed the breach, emphasizing the attack involved their ETH multisig cold wallet.
According to Bybit’s official statement, the hacking incident occurred during a routine transfer from the cold wallet to its warm wallet. Zhou explained the nature of the attack, stating, “Bybit detected unauthorized activity involving one of our ETH cold wallets. The incident occurred when our ETH multisig cold wallet executed a transfer to our warm wallet. Unfortunately, this transaction was manipulated through a sophisticated attack.”
Reports suggest the hackers used advanced techniques to mask the transaction, employing what is known as UI spoofing, which altered the interface to show the correct address, misleading the wallet signers. Consequently, they managed to gain control over the ETH wallet and facilitated the transfer of significant assets to unidentified addresses. Notably, the cold wallet transferred over 401,346 ETH, equaling approximately $1.1 billion, along with various iterations of staked Ethereum (stETH).
"While this incident is significant, we want to assure our users and partners: all other Bybit cold wallets remain fully secure. All client funds are protected, and our operations continue normally without any disruptions," Bybit reported, guaranteeing users their assets were safe.
The hacking traces indicate the possibility of the stolen funds being transferred to various wallets, with Lookonchain analytics showing movements of considerable portions of the stolen assets, hinting at the hackers' attempts to launder the funds through decentralized exchanges.
This incident has already begun to shake the cryptocurrency market, with Ethereum experiencing sharp declines immediately following the news. The price of ETH fell approximately 4%, reflecting the market's immediate apprehensive response to the breach, which, as analysts assert, could potentially have long-lasting effects on cryptocurrency values.
This loss surpasses the previous record of $650 million, which resulted from the Ronin Bridge vulnerability. Other significant breaches include losses from exchanges like Mt. Gox ($470 million) and Coincheck ($530 million). With this latest incident, Bybit has now become synonymous with the largest cryptocurrency theft ever recorded.
Responses from the cryptocurrency community have varied. While some users voiced their anxiety, calling for the withdrawal of funds from Bybit, others displayed confidence, believing the platform has enough reserves to cover the losses. Ben Zhou emphasized their security protocols and stated, "We assure users our assets are backed 1:1, and we will cover all losses, even if we cannot recover the stolen funds.”
Industry experts are also weighing the security flaws exposed through this incident, prompting discussions on improving protocols within cryptocurrency exchanges to mitigate such breaches. A cybersecurity expert remarked on the chain of attacks observed, likening it to the hack on Indian exchange WazirX which involved similar techniques.
All of these developments point toward increased scrutiny of security measures across the cryptocurrency ecosystem as exchanges work to regain trust from their users.