Coinspeaker
BREAKING: Bybit’s Ethereum Cold Wallet Hacked in $1.46B Breach—One of the Largest Ever
Cryptocurrency exchange Bybit has suffered a massive security breach, losing about $1.46 billion worth of Ethereum tokens. The stolen funds were taken from a cold storage wallet, which is supposed to be one of the safest ways to store digital assets. The hack ranks as one of the biggest crypto thefts ever recorded, showing that even highly secure wallets can have weaknesses.
Blockchain investigator ZachXBT was the first to flag the suspicious outflows from Bybit’s wallets. On-chain data revealed a methodical scheme in which mETH and stETH tokens were converted to
ETH
$2 636
24h volatility:
4.1%
Market cap:
$317.13 B
Vol. 24h:
$30.91 B
through decentralized exchanges.
The breach came to light when Bybit’s CEO confirmed the incident. He stated that the attackers had used a technique involving a “musked” transaction method. That trick led the team to approve transfers that looked normal, allowing hackers to gain control of an important offline wallet.
Bybit ETH multisig cold wallet just made a transfer to our warm wallet about 1 hr ago. It appears that this specific transaction was musked, all the signers saw the musked UI which showed the correct address and the URL was from @safe . However the signing message was to change…
— Ben Zhou (@benbybit) February 21, 2025
Fake UI and Malicious Code Used in Heist
Attackers executed a highly sophisticated scheme by designing an interface that mirrored the Safe wallet management platform. They replicated accurate address details and verified URLs to deceive Bybit’s security team. Transactions appeared legitimate, prompting the team to unknowingly authorize malicious code that altered the wallet’s smart contract logic.
“It appears that this specific transaction was masked. All the signers saw the masked UI, which showed the correct address, and the URL was from Safe,” Zhou stated.
This modification allowed the hackers unrestricted access to Ethereum holdings, leading to the theft of 401,347 ETH ($1.12 billion), 90,376 stETH ($253 million), 15,000 cmETH ($44 million), and 8,000 mETH ($23 million). The total sum of stolen assets reached nearly $1.46 billion.
mETH and stETH tokens were swapped for ETH. Source: Etherscan
Despite the massive loss, Bybit quickly reassured its users that the breach was limited to a single cold wallet. The company stated that its other cold storage facilities, hot wallets, and warm wallets remain secure. Withdrawal functions across the platform also continue to operate normally.
Security teams collaborated with blockchain forensic experts and partners to track stolen assets. Bybit shared a transaction link via Etherscan, urging the crypto community to assist in tracing the funds. Meanwhile, ZachXBT reported that the hacker distributed 10,000 ETH across 39 addresses and called on exchanges and services to blacklist them.
“We have the plan to suspend or cancel withdrawals at the moment. We are still receiving all the withdrawal requests and in fact, 70% of them have been approved and processed,” said Zhou in a live stream on the bybit website.
Bybit CEO: “All Losses Can Be Covered”
Despite the gravity of the situation, Bybit CEO Ben Zhou reassured users of the exchange’s solvency. He stated that even if the stolen funds are not recovered, Bybit can cover the losses.
“Bybit Hot wallet, Warm wallet and all other cold wallets are fine. The only cold wallet that was hacked was ETH cold wallet. ALL withdraws are NORMAL,” Zhou emphasized.
While this reassurance helps stabilize user confidence, the attack marks one of the largest successful breaches of a crypto exchange’s cold storage system. It underscores the increasing sophistication of cyber threats targeting digital asset platforms.
Following news of the attack, Ethereum’s price took a hit, dropping nearly 5% within an hour to trade at $2,729.
BREAKING: Bybit’s Ethereum Cold Wallet Hacked in $1.46B Breach—One of the Largest Ever
