Hackers drained $1.4 billion of cryptocurrency from Bybit exchange, CEO confirms

The cryptocurrency exchange Bybit was hacked for more than $1.4 billion worth of Ethereum on Friday in what cybersecurity experts are calling the largest-ever theft targeting a cryptocurrency platform.

The Dubai-based company said the incident occurred when the company was moving funds from a “cold” wallet — a wallet whose private keys are kept offline for security reasons — to an online “warm” wallet. 

“Unfortunately, this transaction was manipulated through a sophisticated attack that masked the signing interface, displaying the correct address while altering the underlying smart contract logic,” the company said in a post on X. 

The widely followed crypto investigator known as ZachXBT posted on his Telegram page just after 10 a.m. EST that he had observed suspicious outflows from Bybit of more than $1.46 billion. A subsequent post said the attacker had split more than 20,000 ETH coins to 48 addresses. 

In a livestream to address the incident on Friday, Bybit CEO Ben Zhou confirmed that 401,000 ETH coins had been stolen. He assured customers that other wallets had not been impacted and said the exchange had enough liquidity to honor withdrawals and to survive the incident.

“We've experienced massive withdrawals since the last two hours, and we currently have as of maybe 10 minutes ago 4,000 withdrawals pending,” he said in the early afternoon. “Bybit is one-to-one backed … meaning that all of the money is in the wallet.” 

Zhou speculated that the source of the compromise could have been the wallet provider Safe, which Bybit uses for its Ethereum cold wallet. 

“It could be that a Safe server was hacked, but we don’t know,” he said, adding that Bybit is working with Safe to investigate the incident. 

In a post on social media, Safe wrote: “We have not found evidence that the official Safe frontend was compromised. However, out of caution, Safe{Wallet} is temporarily pausing certain functionalities.” 

Before the hack, Bybit reportedly had reserve assets of more than $16 billion. Zhou claimed the company had already secured bridge loans to cover 80% of the stolen ETH. 

The Bybit theft is likely to go down as one of the most significant amid a long history of high-profile heists. The DeFi platforms Ronin Network and Poly Network each lost more than $600 million in hacks. 

North Korea’s Lazarus Group has been the most prolific perpetrator of crypto exchange robberies, transferring huge amounts of funds into Pyongyang’s state coffers. The blockchain monitoring firm Chainalysis said $2.2 billion worth of cryptocurrency was stolen through hacks last year.