A major security breach has rocked Bybit crypto exchange, as its Ethereum multisig cold wallet has fallen victim to a sophisticated hack. The breach has led to the theft of an estimated $1.5 billion in digital assets, leaving the crypto community on edge. Reports suggest that the hackers manipulated the wallet’s signing process using a forged UI, which appeared legitimate to the wallet signers.
The interface, which seemed to come from Safe, displayed the correct transaction details. However, the hidden message altered the smart contract logic, enabling the attacker to take full control of the cold wallet. Ben Zhou, CEO of Bybit, shared about the hack stating, “This resulted Hacker took control of the specific ETH cold wallet we signed and transfered all ETH in the cold wallet to this unidentified address. Please rest assured that all other cold wallets are secure.”
While the stolen funds are already being swapped, Bybit assures customers that all other cold wallets are safe and that withdrawals are unaffected. The company is working with relevant authorities to track the stolen assets and resolve the situation.
According to Zhou, the attackers used a masked UI exploit that tricked the wallet signers into approving a malicious transaction. The compromised transaction interface displayed the correct address and a URL linked to safe, misleading the team into unknowingly authorizing the transfer. Once signed, the hacker gained control of the wallet and moved all ETH holdings to an unidentified address.
Despite the breach, Bybit assured users that all other cold wallets remain secure and that withdrawals are functioning normally. According to major Web3 analytics firms like Cyvers Alerts and Arkham Intelligence, the alleged hackers exploited over 401,346 ETH tokens worth over $1.1 Billion in value along with other assets.
To address the situation, Bybit’s security team is collaborating with blockchain forensic experts and partners to investigate the exploit and track the stolen assets. They have also provided a transaction link (
Etherscan) for further tracking and urged the community to assist in recovering the stolen funds.
The security breach follows an earlier $1.5 billion
suspicious activity alert issued by blockchain security firm Cyvers Alerts, which had flagged unusual transactions involving Bybit’s wallet.