Bybit’s Cold Wallet Hacked, Attackers Manipulate Transfer Mechanism

Cryptocurrency exchange Bybit recently fell victim to a highly sophisticated cyberattack, resulting in unauthorized access to its Ethereum (ETH) cold wallet. Bybit officials stated that the hackers used an advanced method to manipulate the transfer process from the ETH multi-signature cold wallet to the hot wallet. They altered the signing interface, making it appear as though the correct address was displayed, while the underlying smart contract logic was tampered with. Ultimately, the attackers gained control of the cold wallet and transferred the funds to an unknown address.

Security Team Launches Investigation, Seeks Blockchain Analysis Experts

Bybit emphasized that the company has already teamed up with experts and partners to fully investigate the incident. Additionally, they have reached out to the industry, inviting blockchain analysis teams capable of tracking fund flows to assist in recovering the assets as quickly as possible.

Cybersecurity expert Yu Xian noted that the attack resembles the typical tactics used by North Korean hackers, leading to the compromise of the multi-signature wallet.

Bybit Assures User Funds Are Safe, Operations Unaffected

Despite the hack, Bybit assured its users and partners that all other cold wallets remain secure, and all user funds are backed 1:1. The company’s operations continue as usual, unaffected by the incident. Bybit CEO Ben Zhou further emphasized that even if the losses from this hack cannot be recovered, the company has sufficient financial reserves to fully cover the losses, ensuring that user funds remain unaffected.

On-Chain Data: Over $1.4 Billion Drained!

According to Arkham, on-chain data shows that after the Bybit hack, over 1.4billioninETHandstETHwasobservedflowingoutoftheexchange,withsomefundsalreadybeingtransferredtonewaddressesandsold.Sofar,theattackershavesoldapproximately1.4billioninETHandstETHwasobservedflowingoutoftheexchange,withsomefundsalreadybeingtransferredtonewaddressesandsold.Sofar,theattackershavesoldapproximately200 million worth of stETH, further intensifying market concerns about the incident.

Hacker Fund Flow Tracking:

• Hacker Address: 0x47666Fab8bd0Ac7003bce3f5C3585383F09486E2
• Assets Sold: $200 million in stETH
• Total Outflow: $1.4 billion in ETH & stETH

Market Watch: Ethena (USDe) May Face Indirect Impact

Blockchain industry expert Yang Mindao pointed out that Bybit’s approximately $1.2 billion position in Ethena (USDe) could pose a challenge for custodians. However, as of now, the USDe exchange rate does not seem to have been significantly affected, and the market is closely monitoring further developments.

The Ethena protocol released a statement, noting that they are aware of Bybit’s current situation and will continue to monitor related developments.

According to the announcement, Ethena emphasized that all assets backing USDe are held in off-exchange custody, including through Copper ClearLoop on Bybit, to ensure asset security. They further clarified that no spot assets are held on exchanges, including Bybit.

Additionally, Ethena mentioned that the total unrealized profit and loss related to Bybit’s hedging positions currently stands at less than $30 million, accounting for less than half of its reserve fund. Therefore, USDe remains fully overcollateralized.

Ethena later updated that the 30millionunrealizedprofitandlosshasbeenreducedto30millionunrealizedprofitandlosshasbeenreducedto10 million and expects to reduce its unrealized exposure to Bybit to zero within an hour. According to the announcement, USDe is currently backed by $2 billion in highly liquid stablecoins, and users can redeem their funds at any time.

Relevant data can be viewed on Ethena’s transparency dashboard.

Bybit Commits to Transparency, Continues to Provide Updates

Bybit reiterated that transparency and security remain the company’s core values. They will continue to update the investigation progress and ensure the safety of all user funds. As blockchain analysis teams further track the hacker’s fund flows, the market is watching Bybit’s next steps and whether the incident will have a broader impact on the cryptocurrency market.