In a shocking turn of events, the cryptocurrency exchange Bybit has been hit with what is reported to be its largest hack yet, sending ripples across the crypto community. On X, Bybit's CEO, Ben Zhou, announced the staggering figure of 401,000 Ethereum (ETH), valued at $1.1 billion, was siphoned off from one of the company's cold wallets. This unexpected breach took place despite the established protocols intended to safeguard these assets.
The Hack: What Went Down
During a routine transfer from cold storage to a more accessible hot wallet, attackers managed to intercept the process. The exchange relies on Safe.global's multi-signature technology for added security, tasking multiple parties with confirming transactions. Zhou himself was the final signer, and he assured everyone that all wallet addresses were verified through the Safe website. Even with these precautions, a hole was evidently exploited.
The stolen funds weren’t just sitting around. They were promptly moved to a fresh wallet before being dispersed among more than 40 others, each receiving chunks of approximately 10,000 ETH, or about $27 million. Given the massive amount of ETH involved, it’s no surprise the blockchain was abuzz. Investigation efforts have since flagged these wallets as 'Bybit exploiter' on Etherscan, giving the community a potential breadcrumb trail to follow.

Repercussions and Steps Forward
The ripples of this hack spread quickly, with Bybit seeing their withdrawal requests spike to nearly ten times the normal volume. Stress tests like this could cripple a lesser company, but with assets over $20 billion, Bybit’s solvency isn’t under direct threat. Zhou assured customers that their personal funds remain intact and assured with a 1:1 backing.
However, ETH withdrawals are, for the moment, unavailable. A bridge loan has been secured to ease this particular bottleneck, allowing the exchange to facilitate these withdrawals until the backlog is cleared and normal functions resume.
As for the perpetrators? It’s not entirely apparent yet whether the hack originated from an external phishing campaign targeting the multi-signature wallet signers or if there’s an inherent vulnerability within Safe.global's platform itself. What is clear is that Bybit has suspended any further transactions involving these wallets while a thorough investigation is conducted. Meanwhile, attention remains focused on addressing any technical gaps and reaffirming user confidence in their platform.
In an ecosystem where security is paramount, this incident is a poignant reminder for exchanges and users alike to remain vigilant and continually innovate their security practices.
Post Comments (16)
Great to see the community pulling together after the Bybit breach. The quick response from the team is reassuring.
The incident underscores the inherent risks associated with custodial solutions. While multi‑signature wallets add layers of security, they are not infallible. Stakeholders must reevaluate their risk management frameworks.
This hack is a slap in the face for every exchange that pretends to be secure!
From a protocol standpoint, the attack vector likely exploited a nonce replay in the Safe.global contract, bypassing the multi‑sig quorum and facilitating unauthorized state changes. The breach demonstrates that even sophisticated multi‑signature schemes can be subverted if key management is lax.
Bybit's recent breach is a stark reminder that even the most capital‑rich platforms can fall victim to sophisticated attackers. The loss of 401,000 ETH translates to over a billion dollars disappearing in a single malicious transaction. Such a large move inevitably triggers numerous on‑chain analytics tools which quickly flag anomalous activity. The attackers apparently leveraged the hand‑off between cold storage and hot wallet to insert themselves into the transfer flow. Even though Safe.global's multi‑signature scheme is designed to require multiple approvals a single compromised key can still open a backdoor. The fact that the final signer was the CEO raises questions about internal controls and key management practices. It is plausible that social engineering was employed to trick the signer into approving a malicious payload. Alternatively a zero‑day vulnerability in the Safe.global smart contract could have been abused. Regardless of the exact method the result was the same a massive outflow of ETH to dozens of fresh addresses. These addresses have already been tagged as "Bybit exploiter" on Etherscan allowing the community to monitor subsequent movements. Regulators will likely scrutinize Bybit's compliance and security protocols in the aftermath. Customers are understandably concerned about the safety of their own assets even if the exchange claims full backing. The temporary suspension of ETH withdrawals is a prudent step to prevent further loss. A bridge loan to cover the liquidity gap shows that Bybit has sufficient reserves to weather the storm. Ultimately this incident should drive the industry toward more robust decentralized custody solutions.
Wow, that’s wild! Hope they bounce back soon.
For anyone looking to protect their assets, consider using hardware wallets and keep private keys offline.
It’s a testament to how centralized platforms betray their users, a modern echo of the ages where power concentrates and the many suffer.
This hack feels like a gut punch 😢 the whole crypto world is shaken.
If you’re stuck, check out the latest withdrawal guide – it’s got step‑by‑step screenshots 😂.
Hang in there folks, we’ll get through this together.
i think the root cause might be a compromised key but not sure
Bybit should publish a full forensic report soon; transparency will help restore trust.
lol so like the blockchain never sleeps right?
Seriously? That’s the most shallow comment I’ve read, maybe focus on actual security flaws.
🤔 any thoughts on how the multi‑sig could be hardened against insider threats?