Bybit Suffers Historic $1.4 Billion Crypto Heist
Hackers have executed the largest cryptocurrency theft in history, stealing an estimated $1.4 billion from the Bybit exchange. The unprecedented attack, confirmed by Bybit CEO Ben Zhou, targeted an offline cold wallet containing 400,000 ETH.
The theft took place early Friday morning, exploiting vulnerabilities in the platform’s transaction process between its cold and hot wallets. This breach surpasses the 2022 Ronin Network hack, which saw $620 million stolen, allegedly by North Korea’s Lazarus Group.
How Hackers Exploited Bybit’s Cold Wallet Security
The stolen funds were stored in a cold wallet—a type of offline storage considered one of the most secure methods for safeguarding digital assets. However, the attack revealed a sophisticated flaw in the system’s multi-signature approval process.
In normal circumstances, transferring funds from a cold wallet to a hot wallet requires multiple private key approvals. However, Bybit reported that attackers manipulated the signing interface, displaying the correct wallet address while altering the underlying smart contract logic.
This allowed the hackers to bypass security checks, gain control of the cold wallet, and transfer the Ethereum to an undisclosed address without triggering the usual alerts.
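A defensive check against the mismatch described above, as an added example that is not Bybit's code or from the original article: each approver recomputes the digest of the approved transfer from an independent record and signs only if the signing device shows the same digest. The `Transfer` model, the field layout, the sample values and the use of SHA-256 as a stand-in hash are all assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Transfer:
    """Simplified cold-to-hot transfer (hypothetical model, not a real wallet format)."""
    to: str       # destination address, hex
    value: int    # amount in wei
    data: bytes   # call data; empty for a plain transfer

def digest(tx: Transfer) -> str:
    """Digest over every signed field. SHA-256 is a stand-in for the chain's real hash."""
    to = bytes.fromhex(tx.to.lower().removeprefix("0x"))
    blob = b"".join([
        len(to).to_bytes(2, "big"), to,            # length-prefixed address
        tx.value.to_bytes(32, "big"),              # fixed-width amount
        len(tx.data).to_bytes(4, "big"), tx.data,  # length-prefixed call data
    ])
    return hashlib.sha256(blob).hexdigest()

def differences(intent: Transfer, payload: Transfer) -> list[str]:
    """Name the fields where the payload to be signed departs from the approved intent."""
    out = []
    if payload.to.lower() != intent.to.lower():
        out.append("to")
    if payload.value != intent.value:
        out.append("value")
    if payload.data != intent.data:
        out.append("data")
    return out

def approvals(intent: Transfer, digests_seen: list[str]) -> int:
    """Count approvers whose signing device showed the digest of the approved intent."""
    expected = digest(intent)
    return sum(1 for d in digests_seen if d == expected)

# Constructed sample values, not taken from the incident.
HOT_WALLET = "0x" + "11" * 20
INTENT = Transfer(HOT_WALLET, 5 * 10**18, b"")
# Same address and amount on screen, but extra call data in the payload to be signed.
TAMPERED = Transfer(HOT_WALLET, 5 * 10**18, bytes.fromhex("deadbeef"))

if __name__ == "__main__":
    print("fields that differ:", differences(INTENT, TAMPERED))
    print(approvals(INTENT, [digest(TAMPERED)] * 3), "of 3 approvers may sign")
```

Because the digest covers the call data as well as the address and amount, a payload that shows the right destination but carries different logic fails the comparison for every approver.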
Ongoing Investigation and Cybersecurity Response
Bybit has enlisted leading cybersecurity firms to investigate the breach and track the movement of the stolen funds across the Ethereum blockchain. The investigation aims to uncover how the attackers gained remote access to internal systems—a possibility suggested by Bybit’s official statement.
Despite the breach, Bybit’s CEO reassured users that their funds are safe. The exchange holds approximately $20 billion in client assets and has pledged to cover any unrecovered funds using its treasury.
Ethereum Price Falls Amid Market Reactions
The hack has had an immediate impact on the market. Ethereum’s price dropped from $2,823 to $2,685 following news of the incident. The sudden sell-off reflects investor concerns over the security of digital assets and the broader vulnerability of crypto exchanges.
Despite the sharp decline, Bybit has continued processing Bitcoin withdrawals and expects to resume Ethereum withdrawals after securing an emergency loan. Zhou mentioned that while there was a surge in ETH withdrawals, the exchange has now passed the peak of the crisis.
The Growing Threat of Crypto Heists
This attack highlights the increasing sophistication of cybercriminals targeting the crypto sector. In 2024 alone, the industry has already seen over $1.49 billion lost to hacks, according to cybersecurity reports.
The Bybit incident reinforces the urgent need for improved security measures across the fintech and cryptocurrency sectors. While cold wallets offer a layer of protection, this breach demonstrates that even offline storage systems are not immune to advanced attacks.
What’s Next for Bybit and Crypto Security?
As the investigation continues, the broader crypto community will be watching how Bybit handles its response. The exchange’s ability to cover client losses and reinforce its security measures will be crucial for restoring user confidence.
This heist serves as a reminder that even the most secure platforms must continuously evolve their defense strategies to keep up with increasingly sophisticated threats. For now, Bybit’s swift commitment to reimburse affected users could set a precedent for how exchanges handle large-scale breaches in the future.