Ethereum News Today: "Malicious Code Exploits Multi-Sig Flaw in $1.5B Crypto Heist"

Generated by AI AgentCoin World
Monday, Oct 6, 2025 8:58 pm ET2min read
Speaker 1
Speaker 2
AI Podcast:Your News, Now Playing
Aime RobotAime Summary

- Bybit suffered a $1.5B theft via Safe{Wallet} vulnerabilities, marking history's largest crypto heist.

- North Korea's Lazarus Group exploited malicious JavaScript to manipulate transaction approvals and drain 401,347 ETH.

- BTC/ETH dropped 5.4%-6.74% post-breach, while Bybit's assets fell $5.7B as 99.9% of withdrawals were processed urgently.

- Bybit secured 447,000 ETH liquidity, launched a $140M bounty program, and froze $42.8M stolen assets with Chainalysis/Tether.

- The attack exposed multi-sig wallet risks, prompting industry calls for stronger security standards and regulatory scrutiny of custodial practices.

On 21 February 2025, Bybit, one of the world's largest cryptocurrency exchanges, suffered a $1.5 billion theft from its

Ethereum
cold wallet, marking the largest cryptocurrency heist in history. The attack exploited vulnerabilities in the transaction approval process of Safe{Wallet}, a multi-signature wallet service. Hackers injected malicious JavaScript code into Safe{Wallet's web interface, altering the transaction data displayed to authorized signers. This allowed them to approve a transaction that secretly transferred control of the cold wallet to the attackers, who then drained 401,347
ETH
(worth $1.068 billion) and other Ethereum variants (totaling $279 million) within hoursIn-Depth Technical Analysis of the Bybit Hack | NCC Group[1].

The breach was traced to North Korea's state-sponsored Lazarus Group, known for its sophisticated cyber operationsBybit Hack 2025: Before & After — A Data-Driven Analysis[2]. The attackers used the compromised JavaScript to manipulate the transaction approval workflow, disguising the malicious action as a routine internal transfer. Once the funds were stolen, they were rapidly dispersed across decentralized exchanges, centralized platforms, and mixing services to obscure their origins. Blockchain analysts noted that the stolen ETH was converted into

Bitcoin
via cross-chain bridges like Chainflip and laundered through services such as eXchHow the Bybit hack happened: inside the $1.5 billion …[3].

The market reacted swiftly to the incident. Bitcoin (BTC) fell 5.40% from its pre-hack high, while Ethereum (ETH) dropped 6.74% on hourly charts. The broader crypto market saw altcoins like

Solana
(SOL) plummet by 15.11%, reflecting heightened investor uncertainty. Bybit's total assets fell from $16.9 billion to $11.2 billion post-breachBybit Hack 2025 Explained: A Guide to What Went …[4]. The exchange faced an immediate surge in withdrawal requests, with 99.90% processed within 10 hours of the incident. To stabilize its liquidity, Bybit secured 447,000 ETH through loans and partnerships with firms like Binance and Galaxy Digital, avoiding open-market purchases to prevent price volatilityBybit Security Breach: Post-Incident Analysis and Liquidity Recovery[5].

Bybit implemented emergency security measures, including custom software for signature verification, manual transaction checks via Etherscan, and enhanced multi-signature protocols. It also launched a bounty program offering 10% of recovered assets (up to $140 million) to incentivize tracking of stolen fundsDe.Fi REKT Report: Q1 2025 — Over $2 Billion Lost in DeFi and …[6]. Collaborations with blockchain analytics firms like Chainalysis and

Tether
, which froze 181,000
USDT
linked to the hack, further aided recovery efforts. As of late February 2025, $42.8 million of the stolen assets had been frozen or recovered, though full retrieval remains unlikelyCrypto Hack Losses Drop 37% in Q3 2025 as Code …[7].

The attack exposed critical vulnerabilities in multi-signature wallet infrastructure, particularly the reliance on third-party tools like Safe{Wallet. Forensic analyses highlighted that the malicious JavaScript was injected through a compromised Safe{Wallet developer machine, altering the transaction data before signers reviewed it. The attack underscored the risks of off-chain manipulation, where signers unknowingly approved transactions that appeared legitimate but were rerouted to attacker-controlled addressesIn-Depth Technical Analysis of the Bybit Hack | NCC Group[1].

Industry responses emphasized the need for stronger security standards. Bybit's CEO, Ben Zhou, praised the support from partners and the crypto community, noting the incident highlighted the sector's resilience. Major players like Bitget, Crypto.com, and Tether provided liquidity and froze assets to mitigate the breach's impact. The FBI publicly attributed the attack to Lazarus, urging the sector to block transactions linked to the stolen fundsHow the Bybit hack happened: inside the $1.5 billion …[3].

The Bybit hack has intensified regulatory scrutiny on crypto exchange security, with calls for stricter oversight of custodial practices and third-party integrations. The incident also prompted broader discussions on the limitations of existing standards like EIP-712 for rendering complex smart contract operations in a human-readable formatIn-Depth Technical Analysis of the Bybit Hack | NCC Group[1]. As the crypto industry grapples with the fallout, the event serves as a stark reminder of the evolving tactics of state-sponsored cybercriminals and the urgent need for proactive security innovations.