On February 21, 2025, cryptocurrency exchange Bybit experienced a significant security breach, resulting in the loss of over $1.4 billion in Ethereum tokens (ETH) from one of its cold wallets. The incident was first identified by on-chain analyst ZachXBT, who reported suspicious outflows totaling approximately 401,000 ETH (valued at around $1.4 billion) from Bybit's wallets to unknown addresses.

Bybit's co-founder and CEO, Ben Zhou, confirmed the breach, explaining that the attackers employed a sophisticated phishing technique. The perpetrators used a "masked" transaction, presenting a legitimate-looking user interface that deceived Bybit's team into authorizing a malicious transaction. This manipulation altered the smart contract logic of the targeted ETH cold wallet, granting the attackers control and enabling them to transfer the funds to unidentified addresses.

In response to the breach, Bybit assured its users that only one specific ETH cold wallet was compromised. All other cold wallets, as well as hot and warm wallets, remain secure. The exchange emphasized that withdrawals are proceeding normally, indicating that the stolen funds represent a portion of their overall reserves. Bybit has also reached out to the broader cryptocurrency community for assistance in tracking the stolen funds.

This incident underscores the persistent security challenges faced by cryptocurrency exchanges, even those employing advanced protective measures. The use of sophisticated phishing attacks highlights the need for continuous vigilance and the implementation of robust security protocols to safeguard digital assets.

Bybit's volumes by country are not public, but web traffic data shows Russia as the top country accessing Bybit's website (20-40% according to different sources), with India in the top 5 at 4-6%.

In March 2024, Bybit surpassed Coinbase to become the world’s second-largest cryptocurrency exchange after Binance. The increase in global market share was largely attributed to the positions Binance lost following its exit from Russia. Bybit restricts services in the United States, China, Hong Kong, and Singapore.

As the situation develops, Bybit has committed to providing updates and working closely with security experts to recover the stolen funds and prevent future incidents. We continue to observe the situation.
