Bybit has fully restored its withdrawal system following some delays in the wake of a historic hack that targeted its Ethereum cold wallet. The exchange is now processing all withdrawal requests without delays or amount restrictions, according to a statement from Ben Zhou, the company’s CEO. “12 [hours after] the worst hack in history. ALL [withdrawals] have been processed. Our [withdrawal] system is now fully back to normal pace, you can withdraw any amount and experience no delays. Thanks for your patience and we are sorry that this has happened,” Zhou wrote on X on Friday night.
Bybit will release a comprehensive incident report and security measures in the coming days, Zhou stated, adding that he will keep the crypto community informed of any new updates. “Thanks to all the clients, friends and partners who have helped and supported us during this excruciating 12 [hours],” Zhou added. “The real work has just now started.”
On Feb. 21, blockchain sleuth ZachXBT flagged suspicious crypto transfers originating from Bybit. Initial analysis indicated the unauthorized withdrawal of approximately 400,000 ETH, 90,000 stETH, 15,000 cmETH, and 8,000 mETH, with estimated losses totaling $1.4 billion.
The funds were transferred to an address beginning ‘0x4766.’ The actor then used decentralized exchanges (DEXs) to convert stETH and cmETH to ETH. On-chain data also revealed that the actor, now identified as the Bybit exploiter, made a transfer of 90 USDT before the main drain of funds, suggesting a preliminary test transaction.
Bybit confirmed the breach shortly after its discovery. In an X post, CEO Zhou stated that an ETH multisig cold wallet was compromised, but reassured users that other cold wallets remained secure. According to him, Bybit executed a transaction from its ETH cold wallet to a warm wallet around one hour prior to the incident. That transaction was manipulated: the user interface presented to the signers was falsified. The signers saw a UI that displayed the correct destination address and used a legitimate URL associated with Safe. However, the signing message associated with the transaction was maliciously altered.
This altered message instructed the smart contract logic of the ETH cold wallet to be modified, thereby granting the attacker unauthorized control, Bybit’s CEO explained. On its official X page, Bybit also issued a statement clarifying the issue. The team said it was collaborating with leading blockchain security specialists and industry experts to determine the incident’s root cause and recover the stolen funds. Less than two hours after the hack, Arkham Intelligence reported that the Bybit exploiter transferred around $1.3 billion to 53 addresses. Despite the massive losses, Zhou asserted that “Bybit is solvent.”
BitMEX Research did a quick calculation using Bybit’s public reserve data. The team concluded that the exchange has enough reserves to cover its obligations to its users, despite the large amount of stolen funds. Zhou also conducted a live stream on X to address ongoing concerns surrounding users’ funds. During the stream, he said that Bybit secured a bridge loan equivalent to 80% of the stolen funds from undisclosed partners. The exchange does not plan to repurchase the stolen ETH on the open market to avoid causing a sudden price surge, Zhou explained, noting that Bybit would use its reserve funds to cover all losses if necessary, guaranteeing the protection of user assets.
Zhou added that the hacker would face difficulties selling the stolen ETH, as most major trading platforms have limited liquidity and can implement transaction-blocking measures. Industry figures and members of the crypto community have rallied behind Bybit, pledging their aid in the aftermath of the security breach. Changpeng ‘CZ’ Zhao, the former Chief Executive Officer of Binance, and Justin Sun, the founder of the Tron blockchain, have indicated their intent to offer support.