Singapore-Based Crypto Exchange Suffers Major Security Breach

Bybit, the Singapore-based centralised cryptocurrency exchange, has confirmed that it has been hacked, with early estimates indicating losses exceeding $1.4 billion worth of Ethereum (ETH) and other significant token quantities. The exchange’s CEO, Ben Zhou, revealed the breach on social media platform X, stating that the situation remains under investigation.

Hacker Gains Control of ETH Cold Wallet

According to Zhou, the breach occurred through a manipulated transaction in the exchange’s ETH multisignature (multisig) cold wallet. “Bybit ETH multisig cold wallet just made a transfer to our warm wallet about one hour ago. It appears that this specific transaction was masked. All the signers saw the masked UI, which showed the correct address, and the URL was from Safe. However, the signing message was to change the smart contract logic of our ETH cold wallet,” he explained.

Bybit ETH multisig cold wallet just made a transfer to our warm wallet about 1 hr ago. It appears that this specific transaction was musked, all the signers saw the musked UI which showed the correct address and the URL was from @safe . However the signing message was to change…

— Ben Zhou (@benbybit) February 21, 2025

As a result, the attacker gained control of the compromised ETH cold wallet and transferred all its holdings to an unidentified address. Zhou reassured users that all other cold wallets remained secure and that withdrawals were functioning normally.

Scheduled Maintenance Announced

On Tuesday, Bybit announced that it would be conducting scheduled maintenance on its live servers, extending into the following day. While the company has not directly linked the maintenance to the hack, the timing suggests an effort to bolster security measures in the wake of the breach.

On-Chain Data Reveals Attacker’s Actions

Blockchain data suggests that the hacker gained access to Bybit’s hot wallets and used them to swap staked ETH (stETH) for ETH, as well as to redeem mETH. The full scope of the attacker’s activity is still being assessed as investigators track the movement of stolen funds.

Call for Assistance in Fund Recovery

Zhou has urged cybersecurity experts and blockchain investigators to assist in tracking the stolen funds, asking the crypto community for support. “If any team can help us track the stolen funds, it will be appreciated,” he posted on X.

Bybit’s confirmation of the attack underscores the persistent security challenges faced by centralised exchanges. As investigations continue, users and industry stakeholders await further updates on the exchange’s response and potential recovery efforts.