Bybit suffered the biggest crypto hack of all time as the exchange lost a staggering $1.4 billion in digital assets, sending shockwaves throughout the crypto ecosystem.
The hack triggered reactions from various corners. Elliptic’s Chief Scientist called the hack “the largest crypto theft of all time, by some margin.”
Bybit Suffers Largest Hack In History
The hack was noticed by on-chain investigator ZachXBT, who flagged suspicious outflows of over $1.4 billion from the crypto exchange. The investigator also listed addresses that were receiving the outflows. Meanwhile, Bybit reported an unauthorized Ethereum (ETH) transfer from its cold wallets due to masked UI spoofing accounts. However, the exchange assured its customers that all other wallets remained secure. Bybit CEO Ben Zhou took X to confirm the hack, stating that the exchange’s multisig cold wallet had been transferred to their warm wallet.
According to Zhou, the hackers musked this specific transaction as all the signers saw the masked UI, showing them the correct address and the URL were from the SAFE platform.
However, he added that the signing message was to change the smart contract logic of their ETH cold wallet, allowing them to take control of the specific ETH cold wallet they signed and transfer it to an unidentified address. Zhao also assured customers that other wallets were unaffected and that withdrawals were normal. He also called upon teams that could help track the stolen funds. Here is Zhou’s post in full,
“Bybit ETH multisig cold wallet just transferred to our warm wallet about 1 hr ago. It appears that this specific transaction was musked, all the signers saw the musked UI, which showed the correct address, and the URL was from @safe. However, the signing message was to change the smart contract logic of our ETH cold wallet. This resulted in Hacker taking control of the specific ETH cold wallet. We signed and transferred all ETH in the cold wallet to this unidentified address. Please rest assured that all other cold wallets are secure. All withdrawals are NORMAL. I will keep you guys posted as more develops. If any team can help us to track the stolen funds, it would be appreciated.”
Crypto Ecosystem Reacts
Elliptic’s Chief Scientist, Tom Robinson, called the hack the biggest crypto theft of all time by some distance, pointing out the next largest was the $611 million stolen from the Poly Network in 2021.
“This makes it the largest crypto theft of all time, by some margin. The next largest crypto theft would be the $611 million stolen from Poly Network in 2021. It may even be the largest single theft of all time. We’ve labeled the thief’s addresses in our software to help prevent these funds from being cashed out through other exchanges.”
Binance founder and former CEO Changpeng Zhao offered Bybit assistance and suggested pausing withdrawals.
“Not an easy situation to deal with. Suggest stopping withdrawals for a bit as a standard security precaution. Will provide any assistance if needed.”
Meanwhile, Arkham Intelligence offered a bounty to track down the individual or individuals responsible for the hack.
“We’ve created and funded a bounty to help identify the person or organization behind today’s [over] $1 billion Bybit hack. Submissions to this bounty will be shared with the Bybit team to support their investigation. Reward: 50,000 ARKM.”
ZachXBT later revealed that the Lazarus Group was responsible. Tron founder Justin Sun said they are closely monitoring the Bybit hack and would offer all assistance in tracking the relevant funds.
Bybit Remains Solvent
Bybit CEO Zhou assured customers the exchange remains solvent even if the stolen $1.4 billion is not recovered, adding that all client funds are covered 1 to 1, and the exchange can cover all losses. Data from CoinMarketCap shows the exchange had reserve assets worth $16.2 billion before the hack. The stolen funds account for around 8.60% of the platform’s reserves.
“Bybit is Solvent, even if this hack loss is not recovered, all of the client assets are 1 to 1 backed. We can cover the loss.”
Flashbots strategy head Hasu also stated that despite the scale of the hack, it would not lead to the demise of Bybit, assuring followers the exchange was good for the money.
“If you want my serious take, Bybit has way more than 1.4 billion in revenue per year. They are good for the money and will make all customers whole. It doesn’t matter for ETH because Bybit will honor customers’s ETH liabilities and buy back the assets on the open market.”
Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.
