Bybit’s ETH Cold Wallet Exploited for $1.46B
Bybit has confirmed a breach in its multi-sig cold wallet, resulting in a loss of nearly $1.46 billion in cryptocurrency. This occurred shortly after the exchange increased transparency by offering greater access to liquidation data.
- Hackers infiltrated Bybit’s Ethereum multi-signature cold wallet.
- The breach was initially flagged by ZachXBT, a well-known on-chain investigator.
- Suspicious withdrawals were detected, prompting the investigation.
Multi-Signature Wallets and the Hack
Multi-signature wallets are designed to prevent a single point of failure, requiring multiple parties to approve transactions. In this instance, hackers managed to deceive all signers involved.
- Multiple signers are typically required to authorize fund transfers.
- If one signer is compromised, the others can block the transaction.
- However, the attackers masked the transaction to mislead the signers into approving it.
Misleading the Signers and Asset Withdrawal
The hackers exploited this flaw by manipulating the wallet’s signers into approving a fraudulent transaction. The approval unknowingly altered the smart contract managing Bybit’s ETH cold wallet.
- Ethereum and Ether derivatives were drained from the wallet.
- The stolen funds were transferred to an unknown address.
Evading Tracking and Further Action
Once the funds were moved, the hackers began swapping them for Ethereum tokens on decentralized exchanges. To avoid detection, the assets were split across multiple addresses.
- ZachXBT published a list of addresses associated with the stolen assets.
- He urged exchanges to blacklist these addresses to prevent further transactions.
Bybit’s Response and Assurance
In response to the attack, Bybit CEO Ben Zhou assured users that the breach was contained to the Ethereum cold wallet. He emphasized that other cold wallets remain secure, and withdrawals are functioning normally.
- Zhou reassured users with the statement: “All withdrawals are NORMAL.”
- The breach is isolated to Bybit’s Ethereum cold wallet.
A Record-Breaking Exploit
The attack on February 21 could be the largest-ever exploit targeting a single crypto exchange. The stolen amount, totaling $1.46 billion, represents more than 50% of the total crypto value siphoned in 2024.
