The Complete Incident Process of #bybit被盗
On February 21, 23:29: On-chain detective ZachXBT disclosed on his personal channel that over $1.46 billion in suspicious funds had flowed out of Bybit, with the related funds being exchanged from mETH and stETH to ETH on DEX. He then updated that his sources confirmed the abnormal fund flow as a security incident and called on all exchanges and service providers to ban suspicious addresses across all EVM chains.
On February 21, 23:40: Arkham monitored that over $1.4 billion in ETH and stETH was flowing out of the Bybit platform. These funds had begun to be transferred to new addresses and sold off, with $200 million worth of stETH already sold.
On February 21, 23:47: Bybit CEO Ben Zhou confirmed in a post that hackers deceived multi-signature holders through a disguised Safe wallet interface to gain control of an ETH cold wallet. About an hour earlier, when this cold wallet transferred to a hot wallet, all signers saw the correct address and Safe wallet URL, but the actual signed information was an operation that changed the smart contract logic. Ben Zhou emphasized that other cold wallets were unaffected and that the platform's withdrawal services were operating normally. The Bybit team is tracking the stolen funds and welcomes relevant teams to provide assistance.
On February 22, 00:02: On-chain detective ZachXBT's latest report stated that the attacker of the Bybit security incident had dispersed 10,000 ETH to 39 different addresses. ZachXBT called on all exchanges and service providers to implement ban measures on these addresses across all EVM chains.
On February 22, 00:09: Slow Mist security expert Yu Xian analyzed on platform X that although there is currently no conclusive evidence, based on the attacker's invasion technique targeting Safe multi-signature and the current method of laundering funds, this Bybit security incident aligns with the characteristics of North Korean hacker groups. Yu Xian cited a previous case where Radiant Capital was attacked by North Korean hackers.
On February 22, 00:44: In response to the security incident faced by Bybit, several cryptocurrency exchange leaders publicly stated that they would provide assistance to Bybit regarding the theft.
On February 22, 01:00: Bybit CEO Ben Zhou urgently prepared a live broadcast to respond to the latest ETH wallet security incident, providing key information updates and answering user questions.
