Singapore-based cryptocurrency exchange Bybit has fallen victim to a massive security breach, with hackers siphoning off over $1.4 billion worth of Ethereum (ETH) and other ERC-20 tokens. The attack, which targeted the exchange’s ETH cold wallet, is one of the largest centralized exchange hacks in crypto history, surpassing even the infamous Mt. Gox and Coincheck breaches.
How the Attack Unfolded
The exploit was first detected by on-chain security analyst ZachXBT, who alerted the crypto community to blacklist the hacker’s addresses. Bybit co-founder and CEO Ben Zhou confirmed the breach, stating that the attacker had manipulated the exchange’s multisignature ETH cold wallet through a deceptive transaction.
According to Zhou, the hackers deployed a “masked” transaction that appeared legitimate to all signers of the multisig wallet. However, the transaction contained malicious code that altered the wallet’s smart contract logic, effectively granting the hacker full control. Within moments, the attacker drained the ETH cold wallet, transferring massive amounts of liquid-staked Ether (stETH), Mantle Staked ETH (mETH), and other assets to external addresses.
Impact and Ongoing Investigation
The attacker initially sent the stolen funds to an address starting with “0x476,” which received over 400,000 ETH (~$1.1 billion), along with 90,000 stETH, 15,000 cmETH, and 8,000 cETH. The funds were then distributed across multiple newly created addresses, utilizing decentralized exchanges like Uniswap, Paraswap, and KyberSwap to obscure the trail.
Despite the scale of the breach, Bybit has assured users that all non-ETH cold wallets remain secure and that withdrawals are functioning normally. “Bybit is solvent even if this hack loss is not recovered; all client assets are 1:1 backed — we can cover the loss,” Zhou stated, aiming to reassure customers amid market panic.
Market Reaction and Security Concerns
The hack has sent shockwaves through the crypto market, with ETH prices dropping over 3% in response to the news. Analysts have pointed out that approximately 75% of Bybit users’ ETH deposits were stolen, raising concerns about centralized exchange security.
Adding to the industry’s worries, February 2025 has seen a spike in security breaches. Just days before the Bybit hack, Starknet-based money-market protocol ZkLend was exploited for $9.5 million. Additionally, Solana-based decentralized exchange Jupiter and Eliza Labs founder Shaw Walters suffered social media breaches, where attackers used their accounts to promote scams.
Source: https://cryptoticker.io/en/bybit-crypto-hack-2025-eth/