Hacker Drains $1.4 Billion From Bybit Exchange’s Hot Wallet

Bybit CEO Ben Zhou disclosed in a tweet that a cold wallet of the exchange was hacked and it lost $1.4 billion.
  • Bybit CEO Ben Zhou disclosed in a tweet that a cold wallet of the exchange was hacked.
  • The exchange lost $1.4 billion (401,346.76 ETH) from a cold wallet (not a hot wallet).
  • A masked user interface made the wallet signers believe they were signing a transfer, while they were actually tricked into changing the wallet's smart contract logic, after which the wallet was drained.
Bybit CEO Shared Hack News

Bybit CEO Ben Zhou disclosed the entire matter on Twitter. He said that an Ethereum multi-sig smart cold wallet was the first to be compromised, and that it sent an undisclosed amount of crypto to a hot wallet.

The hack was one of the most sophisticated crypto hacks: a masked user interface was used to manipulate the original owners into believing they were transferring some crypto, while in reality their signature changed the wallet's smart contract logic behind the mask. As a result, the hacker took ownership of the wallet and drained it.

Below is the full transaction detail of the hacked cold wallet. In total, the wallet lost around 401,346.77 ETH which is roughly equivalent to $1.4 billion. This might correspond to the entire Ethereum holding of Bybit.

Transaction That Drained Bybit Exchange’s Hot Wallet

The Bybit Hack Explained

First, the funds were transferred to the hot wallet using a “masked user interface”. This masked user interface showed the correct destination address on Ethereum that Bybit wanted to send to.

However, at the signing step, the UI showed a transfer to sign, while in reality the signature was for a change to the smart contract logic of the wallet.

Upon changing the smart contract logic, the attacker took control of the cold wallet and drained all the funds.
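A defensive check that follows from the masking described above, added here as an illustration (it is not from Bybit or from this article's author): decode the raw payload on a separate machine and refuse to sign when it is not the transfer the UI displays. The `Intent` and `Payload` structures, the `mismatches` function and all sample values are hypothetical, and the sketch assumes the signer can see the call's target, value and calldata.

```python
from dataclasses import dataclass
from typing import List, Optional

ERC20_TRANSFER = bytes.fromhex("a9059cbb")  # selector of transfer(address,uint256)

@dataclass
class Intent:                      # what the signing UI displays (hypothetical structure)
    recipient: str
    amount: int                    # wei, or token base units
    token: Optional[str] = None    # token contract; None means a plain ETH transfer

@dataclass
class Payload:                     # raw call the signer is really asked to approve
    to: str
    value: int
    data: bytes = b""

def mismatches(intent: Intent, p: Payload) -> List[str]:
    """Return every way the raw payload differs from the displayed transfer."""
    out = []
    same = lambda a, b: a.lower() == b.lower()
    if intent.token is None:                       # plain ETH transfer
        if not same(p.to, intent.recipient):
            out.append("destination is not the displayed recipient")
        if p.value != intent.amount:
            out.append("value differs from the displayed amount")
        if p.data:                                 # a plain transfer carries no calldata
            out.append("contract call hidden behind a transfer, selector 0x" + p.data[:4].hex())
    else:                                          # ERC-20 token transfer
        if not same(p.to, intent.token):
            out.append("call target is not the displayed token contract")
        if p.value != 0:
            out.append("unexpected ETH value on a token transfer")
        if len(p.data) != 68 or p.data[:4] != ERC20_TRANSFER or any(p.data[4:16]):
            out.append("calldata is not transfer(address,uint256)")
        else:
            if not same("0x" + p.data[16:36].hex(), intent.recipient):
                out.append("token recipient is not the displayed recipient")
            if int.from_bytes(p.data[36:], "big") != intent.amount:
                out.append("token amount differs from the displayed amount")
    return out

# Constructed sample data: placeholder addresses and a made-up selector.
HOT = "0x" + "11" * 20
OTHER = "0x" + "22" * 20
SHOWN = Intent(recipient=HOT, amount=10**18)
HONEST = Payload(to=HOT, value=10**18)
MASKED = Payload(to=OTHER, value=0, data=bytes.fromhex("deadbeef") + bytes(32))

if __name__ == "__main__":
    for name, p in (("honest", HONEST), ("masked", MASKED)):
        print(name, "->", mismatches(SHOWN, p) or "matches what the UI shows")
```

The check only helps when it runs on a device that does not share the signing UI's code path, since a compromised interface can misreport its own payload.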

Bybit is Still Liquid, Most

Bybit CEO further added that his crypto exchange has enough crypto to honor all withdrawals. At present, all withdrawals on Bybit are taking place as usual. All Bybit deposits are backed 1:1 even if the hacked funds are never recovered.

As per the latest CoinMarketCap figures, Bybit had a reserve of $16.1 billion, of which 37.87% was in Bitcoin and a little above $2 billion was in Ethereum (537,152 ETH). Therefore, we have enough reason to believe that Bybit lost most of its Ethereum, but not all. It still has 25.3% of its pre-hack Ethereum reserves.

Bybit 20 Feb 2025 Proof of Reserves Shows 537,152 ETH

Insider Involved?

There is a very high chance that the Bybit hack was indeed done by an insider because, unlike hot wallets, the cold wallet that was hacked is not active all the time. It is brought to life only a few times per week.

This indicates that either the hacker was sure of the withdrawal time, or they had insider knowledge of when the cold wallet would become active.

Dhirendra Chandra Das

Dhirendra is a professional with dual-degree MBA specializations in Finance and Marketing. He has a keen interest in finance and crypto. Having started his investment journey in finance in 2015, Dhirendra has more than 8 years of experience in Traditional Finance and 3 years of experience in Decentralized Finance.