Bybit Hit by Record $1.4B Crypto Hack

On February 21, 2025, the cryptocurrency world was rocked by news of a massive security breach at Bybit, one of the industry’s leading exchanges. Hackers made off with over $1.4 billion worth of Ethereum (ETH) and related tokens, marking the largest single theft in crypto history. The incident, confirmed by Bybit co-founder and CEO Ben Zhou, has sent shockwaves through the market, reigniting debates about the security of centralized exchanges and the vulnerabilities inherent in the crypto ecosystem.

How the Hack Unfolded

The breach targeted Bybit’s Ethereum cold wallet, a supposedly secure offline storage system designed to protect funds from online threats. According to Zhou, the attack occurred during a routine transfer between the exchange’s hot wallet (used for day-to-day transactions) and its cold wallet. What seemed like a standard operation turned into a sophisticated heist when hackers exploited a deceptive transaction process.

The attackers employed a technique known as UI (user interface) spoofing, masking a malicious transaction to trick Bybit’s multisignature (multisig) wallet signers. The team believed they were authorizing a legitimate transfer to a warm wallet—an online staging area—but instead, the signing process altered the underlying smart contract logic. This gave the hackers full control of the cold wallet, allowing them to drain approximately 401,346 ETH, along with other assets like liquid-staked Ether (stETH) and Mantle Staked ETH (mETH). At current market prices, the total value stolen exceeds $1.4 billion.

Blockchain security analyst ZachXBT was among the first to spot the suspicious outflows, flagging transactions totaling $1.46 billion on Telegram. The stolen funds were quickly split across 53 newly created wallet addresses, with some transfers involving chunks of 10,000 ETH (roughly $27 million each). The hacker then used decentralized exchanges like Uniswap and KyberSwap to swap stETH and mETH for ETH, attempting to obscure the trail.

Bybit’s Response: Solvency Assured, Withdrawals Continue

Despite the staggering loss, Bybit has moved swiftly to reassure its users. In a livestream on X, Zhou emphasized that only the Ethereum cold wallet was compromised, leaving all other cold and hot wallets intact. “Bybit is solvent even if this hack loss is not recovered,” he stated, adding that the exchange’s client assets are backed 1:1 and that its $16.2 billion in reserves can cover the shortfall. Operations, including withdrawals, have continued without interruption, though ETH withdrawals are temporarily supported by a bridge loan from partners.

The exchange reported a surge in withdrawal requests—nearly 100 times normal levels—following the news, with 70% processed by midday on February 22. Zhou acknowledged a backlog in customer support but assured users that staff were working around the clock to clear it. Bybit has also partnered with blockchain forensic teams, including Safe’s security unit and firms like SlowMist, to investigate the breach. Early speculation points to similarities with previous attacks linked to North Korean hackers, though no definitive culprit has been identified.

Market Impact and Industry Fallout

The hack triggered immediate volatility in the crypto market. Ether’s price dropped over 3% as news broke, falling below $2,700, while Bitcoin slipped from near $100,000 to $97,000. Ethereum futures traders bore the brunt, with $76 million in liquidations over four hours, including $43 million from short positions, according to CoinGlass data. The sheer scale of the theft—representing over 60% of all crypto funds stolen in 2024—underscored the growing threat of cyberattacks as digital asset prices rise.

This isn’t the first major hack of 2025. Earlier incidents, like the $9.5 million exploit of Starknet’s ZkLend and the $2.5 million breach of Arbitrum-based Moby, signaled a troubling trend. However, Bybit’s loss dwarfs these, surpassing even historic heists like the $625 million Ronin Network exploit in 2022 and the $611 million Poly Network breach in 2021. With 2024 already seeing $2.2 billion stolen across 303 incidents (per Chainalysis), the Bybit hack pushes this year’s total well beyond $3.6 billion.

The Hunt for the Hacker

The stolen ETH, now held across 53 tracked wallets, presents a challenge for the perpetrator. Moving or liquidating such a massive haul—over 500,000 ETH, more than Ethereum co-founder Vitalik Buterin’s holdings—is no easy feat in a bearish market under intense scrutiny. Blockchain intelligence firm Arkham has launched a bounty, offering 50,000 ARKM tokens for information leading to the hacker’s identification, while the crypto community watches Etherscan’s flagged “Bybit exploiter” addresses in real time.

Security experts warn that the attack vector—manipulating multisig processes via UI spoofing—remains a persistent threat. Taylor Monahan of MetaMask told DL News, “No one is prepared for this attack vector. This will happen again and again.” Similar tactics were used in breaches like WazirX ($235 million) and DMM Bitcoin ($308 million) in 2024, highlighting the need for stronger safeguards.

What’s Next for Bybit and Crypto Security?

Bybit’s transparency and financial resilience have mitigated some panic, but trust in centralized exchanges has taken a hit. Zhou hinted at two possible causes under investigation: either all signers’ computers were compromised with a faked Safe website, or the Safe multisig platform itself was breached. Safe has paused certain functions as a precaution, though no evidence points to a flaw in its official frontend.

For now, Bybit is leaning on its $20 billion in assets under management to weather the storm. The exchange’s proof-of-reserves system, showing robust backing before the hack, offers some reassurance. However, the incident has intensified calls for decentralized alternatives and better private key management—key vulnerabilities in centralized platforms.

As the crypto industry reels from this historic breach, traders are urged to stay vigilant. The Bybit hack is a stark reminder that even the most secure systems can fall to sophisticated attacks, and with cybercriminals growing bolder, the stakes have never been higher.

Source: forbes.com