Coin prices are falling Friday following confirmation that major centralized crypto exchange Bybit was hacked after $1.4 billion worth of tokens were stolen in a hack.
More than $1.4 billion worth of Ethereum (ETH) and stETH were withdrawn from Bybit’s hot wallet on Friday, and a large chunk of the funds were being sold via decentralized exchanges.
Bybit co-founder CEO Ben Zhou confirmed the attack in a post on X (formerly Twitter), saying that a planned transfer was manipulated in some way and that the funds were swiped.
“However, the signing message was to change the smart contract logic of our ETH cold wallet,” said Zhou. “[The] hacker took control of the specific ETH cold wallet we signed and transferred all ETH in the cold wallet to this unidentified address.”
“All other cold wallets are secure. All withdraws are NORMAL,” Zhou added.
Ethereum is down nearly 3% on the hour to a current price of $2,727, while Bitcoin has dipped by nearly 1% to $98,091.
Ahead of Zhou’s post, noted pseudonymous security researcher ZachXBT wrote in his Telegram channel that there were “suspicious outflows” from Bybit and that a source confirmed to him that it was a “security incident.”
He has since added that ETH is being split between 39 different addresses as the attacker apparently tries to muddle the flow of the funds to make them harder to track.
“Bybit detected unauthorized activity involving one of our ETH cold wallets,” the exchange wrote on X. “The incident occurred when our ETH multisig cold wallet executed a transfer to our warm wallet. Unfortunately, this transaction was manipulated through a sophisticated attack that masked the signing interface, displaying the correct address while altering the underlying smart contract logic. As a result, the attacker was able to gain control of the affected ETH cold wallet and transfer its holdings to an unidentified address.”
Soon after, Zhou assured customers and the industry that it will be able to contend with the loss.
“Bybit is solvent even if this hack loss is not recovered,” he wrote. “All of clients’ assets are 1-to-1 backed, we can cover the loss.”
Editor’s note: This story is developing and will be updated with additional details.
Daily Debrief Newsletter
Start every day with the top news stories right now, plus original features, a podcast, videos and more.
