Bybit Cold Wallet Hacked: Millions in ETH Stolen Due to UI Manipulation
In a shocking development, Bybit, one of the leading cryptocurrency exchanges, has suffered a major security breach involving its Ethereum (ETH) cold wallet. The platform's co-founder and CEO, Ben Zhou, confirmed the incident in a recent post on X (formerly Twitter), explaining that the hack was carried out through a sophisticated UI manipulation technique.
How the Hack Happened
According to Zhou, the breach was executed by masking the user interface (UI) seen by the signers of the transaction. The hackers ensured that the correct address and a legitimate-looking URL from Safe (a popular multisig wallet provider) were displayed. However, the actual signing message authorized a change in the smart contract logic of Bybit's ETH cold wallet.
This manipulation allowed the attackers to take control of the specific ETH cold wallet and transfer all its funds to an unidentified address.
Impact on Bybit and Users
While the amount stolen has not been officially confirmed, the incident raises serious concerns about the security of cold wallets, which are typically considered one of the safest storage methods for digital assets. Zhou reassured users that all other cold wallets remain secure and that withdrawals on the platform are functioning normally.
However, this breach underscores the risks associated with smart contract-based wallets, even when using multisig protection. The exploit highlights the growing sophistication of cybercriminals targeting major exchanges.
What’s Next?
Bybit is actively investigating the incident and seeking assistance from blockchain analysts and security teams to track the stolen funds. The exchange has shared an Etherscan transaction link to monitor the movement of the stolen ETH.
This event serves as a wake-up call for the crypto industry, emphasizing the need for enhanced verification mechanisms beyond UI validation. Cold storage, while highly secure, is not immune to attack vectors that exploit human trust and software vulnerabilities.
Bybit users and the broader crypto community will be closely watching for updates on potential fund recovery and additional security measures the exchange may implement to prevent future breaches.
