Bybit, a leading cryptocurrency exchange, has suffered one of the largest security breaches in history, losing over $1.1 billion in Ethereum. The hack has sent shockwaves across the crypto market, with Bitcoin and Ethereum prices falling sharply.
Figure 1: Bybit, one of the biggest cryptocurrency exchanges, lost more than $1.1 billion in Ethereum in one of the biggest security breaches ever [created with DALL-E]
Bybit Hack: What Happened?
Bybit CEO Ben Zhou confirmed the breach on X, stating that hackers targeted the exchange’s Ethereum cold wallet. Over 401,000 ETH was transferred to an unknown wallet before being distributed across more than 40 different addresses.
- The first transaction involved ETH 30,000, but later transactions brought the total to over ETH 401,000.
- Hackers likely exploited vulnerabilities in Bybit’s multi-signature wallet system.
- The exchange paused all Safe transfers while investigating the breach.
Zhou explained that Bybit was conducting a routine transfer between its cold and hot wallets when the hack occurred. Despite security protocols, the hacker managed to gain access and execute fraudulent transactions.
Figure 2: Zhou stated that Bybit was performing a standard transfer between its cold and hot wallets when the breach took place. Despite security measures, the attacker infiltrated the system and carried out unauthorised transactions [created with Meta AI]
Bybit’s Response and User Funds
Bybit assured users that their funds remain secure despite the massive theft. Zhou stated:
“Bybit is solvent even if this hack loss is not recovered, all of clients’ assets are 1 to 1 backed, we can cover the loss.”
Bybit, which manages over $20 billion in assets, said it would cover the losses using its treasury or secure a bridge loan to ensure withdrawals remain unaffected.
Figure 3: Bybit CEO, Ben Zhou, stated: “Bybit is solvent even if this hack loss is not recovered, all of clients’ assets are 1 to 1 backed, we can cover the loss.” [LinkedIn]
Massive Withdrawals Following the Breach
Following the hack, Bybit saw a surge in withdrawal requests—nearly 100 times higher than normal. Zhou confirmed that the exchange processed 70% of these withdrawals within hours.
However, Ethereum withdrawals remain temporarily paused since the stolen funds were in ETH. Bybit secured a loan from partners to process Ethereum withdrawals separately.
How Did Hackers Strike?
Cybersecurity firm Cyvers provided insights into the attack. They believe:
- Hackers deployed a malicious contract two days before the breach.
- The malware intercepted legitimate transactions and tricked Bybit signers into approving a fraudulent smart contract change.
- The attacker re-implemented the safe wallet and took control without needing further signatures.
Market Impact: Bitcoin and Ethereum Prices Fall
The Bybit hack triggered a sharp decline in the crypto market, causing Bitcoin and Ethereum to drop significantly.
Bitcoin (BTC) Price Update
- Bitcoin is currently worth A$151,479, down 3% in the last 24 hours.
- BTC has declined 6% over the past week and 7.4% in the last 30 days.
Figure 4: Bitcoin Price Fluctuations in the last 24 hours [CoinGecko]
Ethereum (ETH) Price Update
- Ethereum is trading at A$4,208.37, down 9% in the last 24 hours.
- ETH has fallen 1% over the past week and 18.1% in the last 30 days.
- In the past 24 hours, A$53.9 billion worth of Ethereum has been traded.
Figure 5: Ethereum Price Fluctuations in the last 24 hours [CoinGecko]
The decline in Ethereum’s price is directly linked to the Bybit hack, as the stolen funds consisted entirely of ETH.
Industry Reactions to the Bybit Hack
Bybit is one of the largest cryptocurrency exchanges, with over 60 million users worldwide. The hack has raised concerns over security vulnerabilities in crypto platforms.
- Former Binance CEO Changpeng Zhao suggested that Bybit should pause withdrawals to prevent further losses.
- Security analysts warn that hackers may attempt to launder the stolen ETH through decentralized finance (DeFi) platforms.
Despite the breach, Bybit has reassured its users:
“Bybit is solvent even if this hack loss is not recovered, all of clients’ assets are 1 to 1 backed, we can cover the loss.”
Crypto Market Liquidations Surge
The hack also triggered a wave of liquidations across the crypto market.
- The total liquidated positions exceeded $600 million in the past 24 hours.
- A single trader lost $45.8 million in one liquidation order.
The crash affected major altcoins like XRP, DOGE, and ADA, which dropped by over 6% in the last 24 hours.
Historical Crypto Heists
The Bybit hack surpasses previous record-breaking crypto thefts.
- Ronin Network (2022): $620 million stolen in Ethereum and USD Coin.
- Gox (2014): $350 million lost, leading to bankruptcy.
- Binance (2019): $41 million stolen in a security breach.
Bybit’s losses now mark the biggest crypto hack ever recorded.
Next Steps for Bybit
Bybit is working with law enforcement agencies and blockchain security firms to track the stolen funds. The exchange remains confident in its financial stability and ability to recover from the attack.
Zhou reiterated that since all of the clients’ assets are backed one-to-one, Bybit is solvent and can cover the loss of the clients even if the loss by the hack is not recovered.
The company now focuses on strengthening its security systems and restoring investor confidence.
