Bybit Reports Security Breach as Hackers Drain $1.4 Billion in ETH and mETH
Cryptocurrency exchange Bybit has reportedly lost over $1.4
billion in liquid-staked Ether (ETH) and MegaETH (mETH) due to a security
breach. The incident was flagged by onchain security analyst ZackXBT, who urged
users to blacklist addresses linked to the stolen funds, Cointelegraph reported.
Bybit Confirms Breach, Investigates Stolen Funds
Following the recent Bybit security breach, Cyvers Alerts
shared their findings on abnormal activity linked to the exchange.
“Our system has detected abnormal activity, including
suspicious behavior involving the Bybit Official wallet. Several wallets are
exhibiting highly suspicious patterns, and we are actively reaching out to the
exchange to warn them,” Cyvers Alerts shared on X.
🚨ALERT🚨Our system has detected abnormal activity, including suspicious behavior involving the @Bybit_Official wallet!Several wallets are exhibiting highly suspicious patterns, and we are actively reaching out to the exchange to warn them. The total affected assets are… pic.twitter.com/iAQqlgU4Rf
— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) February 21, 2025
Bybit co-founder and CEO Ben Zhou acknowledged the hack. He
stated that a transfer was made from the exchange’s multisignature wallet to a
warm wallet about an hour before the breach was identified.
According to Zhou, the transaction appeared legitimate but
contained malicious code. He said the attackers altered the smart contract
logic, allowing them to drain funds. Zhou assured users that the exchange is
investigating the breach.
JUST IN: Bybit founder confirms $1.4 billion $ETH hack, asserts solvency even if losses remain uncovered. pic.twitter.com/8rE3KHrGRL
— Whale Insider (@WhaleInsider) February 21, 2025
“Please rest assured that all other cold wallets are
secure. All withdrawals are NORMAL. I will keep you guys posted as more
develops. If any team can help us to track the stolen fund will be appreciated,”
Zhou wrote.
Bybit ETH multisig cold wallet just made a transfer to our warm wallet about 1 hr ago. It appears that this specific transaction was musked, all the signers saw the musked UI which showed the correct address and the URL was from @safe . However the signing message was to change…
— Ben Zhou (@benbybit) February 21, 2025
December Sees Decline in Crypto Theft
After months of rising crypto hacks and scams, losses
dropped in December 2024, marking the lowest monthly total of the year.
Blockchain security firms CertiK and PeckShield reported $29 million in losses,
a sharp decline from October’s peak.
Despite the decrease, notable incidents occurred, including
attacks on GemPad and LastPass users. CertiK recorded $28.6 million in losses,
down from $63.8 million in November. PeckShield reported $24.7 million in
hack-related losses, a 71% month-over-month decrease.
GemPad suffered the most significant exploit, with attackers
draining $2.1 million. FEG lost $1 million due to a cross-chain verification
error. Hackers also stole $12.3 million from LastPass users following a past
data breach, as reported by Finance
Magnates.
While December saw a decline, crypto-related thefts in 2024 totalled
$2.3 billion, a 40% increase from 2023 but lower than 2022’s $3.78 billion,
according to Cyvers’ Web3 Security Report.
This article was written by Tareq Sikder at www.financemagnates.com.