Bybit Hack: $1.5 Billion in Ether Stolen

Bybit, one of the world's leading cryptocurrency exchanges, has suffered a major hack, resulting in the loss of nearly $1.5 billion in Ethereum (ETH). The incident, which occurred on February 21, 2025, has sent shockwaves through the crypto community and raised serious concerns about the security measures in place to protect users' assets.

The hack was first flagged by Bybit's CEO, Ben Zhou, who confirmed the attack, revealing that a fraudulent transaction originated from the platform's multi-signature ETH cold wallet had been executed. The breach was first flagged by Bybit’s CEO, Ben Zhou, who confirmed the attack, revealing that a fraudulent transaction originated from the platform’s multi-signature ETH cold wallet had been executed.

The alarming incident has sparked widespread FUD (Fear, Uncertainty, and Doubt) within the crypto community, with ETH even dropping more than 4% immediately after the hack. The hacker gained access to Ether in the exchange’s cold wallet — a secure, offline storage device for holding cryptocurrencies — and sent funds to an unidentified address.

In a later statement, Zhou said, "Bybit is solvent even if this hack loss is not recovered. All of clients assets are 1 to 1 backed. We can cover the loss." Despite the significant loss, Zhou reassured users that all other cold wallets remain secure and that withdrawals across the platform remain operational.

The exchange has mobilized its security team and blockchain forensic experts to investigate the attack and recover the stolen funds. Meanwhile, blockchain tracking firm Arkham Intelligence has reported that the hacker is now distributing the stolen assets across multiple new addresses, likely in an attempt to obscure their movements.

ALERT: BYBIT HACKER SENDING FUNDS TO MULTIPLE NEW ADDRESSES pic.twitter.com/RbQkJxC3Lm
— Arkham (@arkham) February 21, 2025

The hack was executed through a highly sophisticated method known as 'usked transactions.' According to Bybit's official statements, the malicious actors managed to manipulate the UI of the transaction approval process. All signers involved in the transaction saw what appeared to be a legitimate transfer from the ETH cold wallet to Bybit's warm wallet. However, the underlying signing message was altered to change the smart contract logic of the cold wallet, granting the attacker full control over its funds.

Once access was obtained, the hacker quickly transferred the wallet's ETH holdings to an unidentified address. This type of attack suggests the involvement of an advanced threat actor capable of bypassing multiple layers of security through social engineering or direct system exploitation.

Bybit's Response and Security Measures
Despite this breach, Bybit maintains that its other cold wallets remain secure and that the hot and warm wallets are fully functional. The exchange has also reassured users that all withdrawals are continuing as normal, which may indicate that reserve funds are being used to cover the loss.

Security experts have urged the crypto community to blacklist addresses linked to the hack and avoid interacting with them at all. Bybit has quickly implemented additional monitoring measures and is working to enhance its security protocols to prevent further incidents. Additionally, scheduled maintenance has also been announced for its live server, which will stretch into the following day.

Notably, Ben Zhou further reassured users that Bybit remains financially stable, claiming that all client assets are 1-to-1 backed, meaning they have a reserved fund of all customers’ funds. This latest incident follows an uptick in hacks and security incidents throughout 2024 and early 2025.

Source: Ben Zhou
This is a developing story, and further information will be added as it becomes available.

Why have I been blocked?
This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.
What can I do to resolve this?
You can email the site owner to let them know you were blocked. Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.