Bybit, one of the world’s leading cryptocurrency exchanges, has suffered a devastating security breach, losing approximately $1.4 billion worth of Ethereum (ETH) to hackers. The attack, confirmed by the company on Friday, has been labeled the largest cryptocurrency theft in history, raising urgent concerns about security in the digital asset industry.
Ben Zhou, Bybit’s CEO, disclosed that cybercriminals managed to steal around 401,346 ETH from one of the platform’s cold wallets—typically used for secure, long-term storage. The exchange detected the breach after noticing suspicious activity in the affected wallet.
Bybit explained that the attack exploited a vulnerability in its transfer mechanism, allowing hackers to manipulate a transaction from the cold wallet to a warm wallet. The attackers altered the underlying smart contract logic while keeping the displayed address unchanged, enabling them to redirect the entire balance to an unknown wallet.
In response to the attack, Bybit has launched an extensive investigation in collaboration with blockchain forensic firms and cybersecurity experts. The exchange is urging specialists in blockchain analytics to assist in tracking the stolen funds and identifying the perpetrators.
Bybit said in a statement, “Our security team, alongside leading blockchain forensic experts, is actively investigating the incident.”
However, “We welcome collaboration from any team with expertise in fund recovery,” the statement added.
Also Read:
- Apple Unveils iPhone 16e, Pre-Orders Begin February 21
- Google Unveils AI Co-Scientist to Help Researchers Generate Hypotheses and Plan Experiments
The $1.4 billion hack surpasses previous record-breaking crypto heists, including the $624 million Ronin Network breach and the $611 million Poly Network exploit. Cybersecurity expert Tom Robinson from Elliptic noted that this may be the single largest financial theft in history, surpassing even the biggest traditional bank heists.
Despite the security breach, Bybit has assured users that all other cold wallets remain secure and that operations will continue without disruption.
“Client funds are safe, and Bybit will maintain normal operations,” the company stated.
Bybit, headquartered in Dubai, United Arab Emirates, reportedly held around $16 billion in total assets before the attack.
The Bybit hack adds to a troubling trend of increasing crypto-related cybercrimes. According to Chainalysis, hackers stole approximately $2.2 billion in cryptocurrencies in 2024 alone, compared to $2 billion in 2023.
North Korea-linked hacking groups were responsible for $1.34 billion in crypto thefts across 47 incidents in 2024, a sharp rise from $660.5 million across 20 incidents in 2023.