Crypto investigator ZachXBT has reported suspicious outflows exceeding $1.46 billion from Bybit accounts. Shortly after, Bybit CEO Ben Zhou confirmed the exchange had been hacked. According to Zhou, only one wallet was affected, while all other funds remain secure, and withdrawals continue to function normally.
The breach occurred during a transfer of ETH from a cold multi-signature wallet to a hot wallet. Hackers altered the transaction signing interface, making it appear legitimate to all participants. However, the underlying smart contract logic was modified, giving the attackers control over the ETH wallet and allowing them to withdraw funds to an unidentified address.
Bybit is now investigating the incident alongside cybersecurity experts and industry partners, assuring users that their funds are safe.
How the Hack Unfolded
According to ZachXBT, the stolen mETH and stETH tokens have already been partially swapped for ETH via decentralized exchanges. The attackers then distributed 10,000 ETH across 36 wallets. ZachXBT urged crypto platforms to blacklist the suspicious addresses. 0xngmi, founder of DeFi Llama, noted that the methods used in this attack are similar to those in the July 2024 WazirX hack, where Indian exchange WazirX lost around $235 million due to transaction data manipulation.
The Bigger Picture
According to Chainalysis, total crypto-related fraud in 2024 reached at least $9.9 billion, highlighting ongoing security challenges in the industry.
