Bybit’s Silent Heist 💀

Step 1: The Setup

Feb 19, 2025 – The hacker planted a fake security contract at 0xbDd077f...9516, setting a trap.

Step 2: The Multi-Sig Heist

Bybit’s wallet needs multiple approvals for changes. On Feb 21, the hacker somehow stole three key signatures and swapped Bybit’s real security contract for their fake one.

Proof: 0x46deef0f...7882

Imagine a thief walking into a bank, saying, “I’m the owner, let’s change the locks,” and the bank says, “Okay!”

Step 3: The Hidden Backdoor

The hacker used a DELEGATECALL trick (an “invisible backdoor”) to sneak into Bybit’s system.

The trap was set at STORAGE[0x0] under: 0x962214...C7242.

Inside were two kill switches:

sweepETH → Steals Ethereum

sweepERC20 → Steals tokens

Translation: The hacker built a secret drawer only they could open.

Step 4: The Cash Grab

With one click, they drained Bybit’s hot wallet. Funds gone.

Moral: Multi-sig means nothing if someone controls the keys.