Cryptocurrency exchange Bybit confirmed on Friday that it had suffered a significant security breach, with hackers withdrawing over $1.4 billion worth of Ethereum (ETH) and staked ETH (stETH) from its cold wallet. The exchange's CEO, Ben Zhou, stated that the attack stemmed from a manipulated transfer, allowing the hacker to take control of one of the company's multisig wallets.
Zhou detailed the incident in a post on X (formerly Twitter), explaining that "the signing message was to change the smart contract logic of our ETH cold wallet. The hacker took control of the specific ETH cold wallet we signed and transferred all ETH in the cold wallet to this unidentified address." Despite the breach, Zhou assured users that "all other cold wallets are secure" and that withdrawals remain operational.
Ethereum's price reacted to the hack, falling nearly 3% to $2,727. Bitcoin also dipped by 1%, trading at $98,091. The broader market saw minor turbulence as investors processed the security lapse at one of the world's largest crypto exchanges.
Bybit's security breach was first flagged by blockchain security researcher ZachXBT, who noted "suspicious outflows" from the exchange and later confirmed that ETH funds were being funneled into 39 different wallets. Splitting funds across many wallets is a tactic commonly employed by hackers to obscure the movement of stolen assets, making them harder to track and recover.
Bybit issued a statement acknowledging the attack, explaining that the breach occurred when a routine transfer from its ETH multisig cold wallet to a warm wallet was manipulated by an advanced exploit. "Unfortunately, this transaction was manipulated through a sophisticated attack that masked the signing interface, displaying the correct address while altering the underlying smart contract logic," the company said.
Despite the massive loss, Zhou reassured customers that Bybit remains financially stable. "Bybit is solvent even if this hack loss is not recovered," he wrote. "All of clients' assets are 1-to-1 backed, we can cover the loss." The company has not yet detailed any plans for reimbursing affected users or whether it intends to pursue law enforcement action to recover the funds.
This breach follows Bybit's recent push for increased transparency in the cryptocurrency market. Just hours before confirming the hack, the exchange had introduced real-time liquidation data, allowing traders and analysts to access market activity updates every 500 milliseconds. The move was part of an effort to address concerns over underreported liquidation figures, a problem highlighted earlier this month when CoinGlass reported $2.24 billion in liquidations across multiple exchanges.
Meanwhile, Bybit has also made headlines for its refusal to list the Pi token, a controversial asset that has gained traction on other major exchanges such as OKX and Bitget. Zhou has repeatedly criticized the Pi Network, citing its lack of transparency and alleged pyramid scheme-like model. Chinese regulators have also issued warnings about the token, further fueling skepticism.