Bybit Breach Wake-Up Call: Security Must Be a Mindset, Not Just a Department, Says Failsafe's Aneirin Flynn

The recent $1.4 billion Ethereum theft from Bybit has sent shockwaves through the crypto market, highlighting the urgent need for a shift in mindset regarding security in the industry. Aneirin Flynn, co-founder and CEO of FailSafe, a blockchain security firm, spoke with Benzinga about the Bybit exploit, potential preventive strategies, and why an Ethereum rollback isn't a feasible solution. FailSafe provides real-time threat detection and intelligent risk management to protect digital assets from evolving cyber threats.



The Bybit hack, which involved the deployment of a malicious implementation contract on February 19, 2025, exploited vulnerabilities in the exchange's system. Blockchain security firm SlowMist outlined how the attacker used sophisticated methods to manipulate the contract by replacing a legitimate multi-signature wallet contract with a malicious one. This manipulation allowed the attacker to gain control over the Ethereum coldCOLD-- wallet used by Bybit, which held a significant amount of ETH. According to reports from SlowMist, the attacker used backdoor functions in the malicious contract to drain the wallet. These backdoor functions, "sweepETH" and "sweepERC20," allowed the hacker to transfer large amounts of ETH to an unidentified address. The malicious contract also involved multiple signatures, which masked the attacker's actions, making it harder to detect.

Ben Zhou, the founder of Bybit, addressed the situation on X, confirming the breach and emphasizing the impact on Bybit's cold storage. He stated that the ETH cold wallet was the only one affected, while other wallets remained secure. Zhou also assured customers that their funds were not at risk. However, as the investigation continued, the breach caused widespread concern about the security of cryptocurrency exchanges.

Following the Bybit hack, the exchange's team, including Ben Zhou, worked alongside blockchain forensic experts to track the stolen funds. Bybit is providing regular updates, aiming to maintain transparency and reassure users. In a live stream, Zhou emphasized that the company was solvent and capable of covering the loss, even if the stolen assets could not be recovered. Bybit also confirmed that withdrawals and deposits remained functional, with no disruptions to its operations. Zhou stated, "Bybit is solvent even if this hack loss is not recovered. All of clients’ assets are 1 to 1 backed, and we can cover the loss." The exchange's ongoing efforts to address the hack included collaborating with other industry leaders for assistance in tracking the stolen funds.

Despite Bybit's assurances, the hack triggered a wave of user withdrawals. As of writing time, reports indicated that $700 million had been withdrawn from the exchange. This has led to increased concerns about the future of the exchange and whether it can recover from the financial and reputational damage caused by the attack.

The news of the Bybit hack had an immediate effect on the broader cryptocurrency market. Bitcoin and Ether experienced a sharp decline in prices, with Bitcoin dropping to nearly $97,000 and Ether slipping below $2,700. The Bybit hack, coupled with the market's sensitivity to security issues, contributed to a downturn in crypto prices, triggering liquidations of leveraged positions. Additionally, other cryptocurrencies also saw significant losses. XRP, the digital currency associated with Ripple, fell by over 4.5%, reaching a price of $2.58. Similarly, StellarSTEL-- (XLM) saw a decrease of 4.84%, dropping to $0.3303. Subsequently, the Bybit hack has caused some traders to pull back from high-risk assets, further adding to the downward pressure on the market causing a dip in total crypto market cap by 0.80% to $3.2T.



The Bybit breach serves as a wake-up call for the crypto industry, highlighting the need for a shift in mindset regarding security. As Aneirin Flynn pointed out, the industry has been overestimating the security of multisig and hardware wallets, leading to a false sense of security. The recent compromises at Safe and Ledger demonstrate that the real vulnerabilities lie in the human and operational aspects surrounding these systems. To better protect users' assets, exchanges like Bybit could adopt a more proactive approach by diversifying asset storage across multiple wallets, tightening administrative controls, and implementing additional layers of transaction verification.

In conclusion, the Bybit hack serves as a stark reminder of the importance of a proactive approach to security in the crypto industry. As Aneirin Flynn emphasized, security must be a mindset, not just a department. Bybit's response to the hack, including its collaboration with industry leaders and commitment to transparency, demonstrates the exchange's dedication to addressing the breach and rebuilding user trust. However, the crypto industry as a whole must learn from this incident and prioritize security as a core value, rather than an afterthought. By doing so, the industry can better protect users' assets and maintain the integrity of the blockchain ecosystem.