On Feb. 21, the crypto trading platform stated on social media platform X that it detected unauthorized activity involving one of its Ethereum cold wallets.
According to the firm:
“The incident occurred when our ETH multisig cold wallet executed a transfer to our warm wallet. Unfortunately, this transaction was manipulated through a sophisticated attack that masked the signing interface, displaying the correct address while altering the underlying smart contract logic.
As a result, the attacker was able to gain control of the affected ETH cold wallet and transfer its holdings to an unidentified address.”
While the exchange did not reveal the total amount stolen, on-chain data shows that the attacker siphoned 401,346.76 ETH (worth approximately $1 billion).
Meanwhile, blockchain analysis firm Lookonchain stated that the stolen assets involved around $1.5 billion in different assets, including staked Ethereum.
The platform added that the suspicious address has already begun swapping the stolen funds for ETH.
ByBit still operating
ByBit stated that all of its operations are still “normal” and that it was investigating the incident.
The exchange said:
“Our security team, alongside leading blockchain forensic experts and partners, is actively investigating the incident. Any teams with expertise in blockchain analytics and fund recovery who can assist in tracing these assets are welcome to collaborate with us.”
Meanwhile, Ben Zhou, ByBit’s CEO, corroborated the situation while emphasizing that:
“Bybit Hot wallet, Warm wallet and all other cold wallets are fine. The only cold wallet that was hacked was ETH cold wallet. ALL withdraws are NORMAL.”
