ByBit's $1.5B Ethereum Hack: One of Crypto's Biggest Heists

Crypto exchange ByBit has suffered a significant security breach, resulting in the theft of approximately $1.5 billion in Ethereum (ETH) from one of its cold wallets. This incident is considered one of the largest hacks in the history of cryptocurrency.

On February 21, ByBit announced on its social media platform that it had detected unauthorized activity involving one of its Ethereum cold wallets. The exchange explained that the incident occurred when the ETH multisig cold wallet executed a transfer to the warm wallet. However, the transaction was manipulated through a sophisticated attack that masked the signing interface, displaying the correct address while altering the underlying smart contract logic. As a result, the attacker gained control of the affected ETH cold wallet and transferred its holdings to an unidentified address.

While the exact amount stolen was not initially disclosed, on-chain data revealed that the attacker siphoned 401,346.76 ETH, worth approximately $1 billion at the time of the incident. Blockchain analysis firm Lookonchain later stated that the stolen assets involved around $1.5 billion in different assets, including staked Ethereum. The suspicious address has since begun swapping the stolen funds for ETH.

ByBit has confirmed that all of its operations are still functioning normally and that it is actively investigating the incident. The exchange has reached out to leading blockchain forensic experts and partners to assist in tracing the stolen assets. Ben Zhou, ByBit's CEO, has also corroborated the situation, emphasizing that only the ETH cold wallet was hacked, and all other wallets, including hot and warm wallets, remain unaffected. Withdrawals are still operating normally.