Bybit Suffers $1.4 Billion Crypto Hack in One of the Largest Recent Breaches

Massive Security Breach at Bybit Raises Alarm Across Crypto Industry

Bybit, one of the world’s largest cryptocurrency exchanges, has been hacked for more than $1.4 billion in liquid-staked Ether (stETH), MegaETH (mETH), and various ERC-20 tokens. The massive exploit was first spotted by onchain security analyst ZachXBT, who identified suspicious outflows from the exchange shortly after the attack occurred. 

He reported that a source confirmed to him that it was a “security incident” and later revealed that the stolen ETH was being split across 39 different addresses, an apparent attempt by the attacker to obfuscate the funds’ movement and evade detection.

More than $1.4 billion in Ethereum (ETH) and liquid staking derivatives were drained from Bybit’s hot wallet on Friday, with a substantial portion of the stolen assets quickly offloaded through decentralized exchanges. On-chain intelligence firm Arkham also flagged significant ETH and stETH outflows from the platform, corroborating the scale of the breach. 

Following the incident, ZachXBT urged users to blacklist addresses linked to the hacker, warning that the attacker was actively attempting to launder the stolen funds.

Bybit’s co-founder and CEO, Ben Zhou, confirmed the security breach and disclosed that the exploit stemmed from unauthorized activity involving one of the exchange’s ETH cold wallets. The exchange explained that the attack was executed when its ETH multisignature cold wallet initiated a transfer to a warm wallet. 

However, the transaction had been manipulated through a sophisticated attack that altered the underlying smart contract logic while displaying a legitimate address in the signing interface. This allowed the attacker to gain control of the affected cold wallet and siphon its holdings into an unidentified address.

Zhou revealed that the exploit had been carefully designed to appear as a routine transaction, with malicious source code embedded to alter the wallet’s smart contract mechanics. 

Despite the severity of the breach, he assured customers that all other cold wallets remained secure, and withdrawals were functioning normally. “Bybit is solvent even if this hack loss is not recovered, all of the client’s assets are 1-to-1 backed — we can cover the loss,” Zhou stated, emphasizing that customer funds remained unaffected.

The exchange later reaffirmed that its cold wallets were fully secure and that operations remained unaffected. However, the magnitude of the hack sent shockwaves through the crypto market, triggering a sell-off in Ethereum. The price of ETH fell more than 3% following confirmation of the breach before starting to stabilize, adding to broader concerns over security vulnerabilities in the industry. 

The attack adds to a growing list of major exchange breaches that have rocked the crypto space in 2024 and early 2025, underscoring persistent threats despite increasing security measures across platforms.

In February 2025, the crypto industry faced a surge in hacks and scams, impacting multiple platforms. Notably, ZkLend, a Starknet money-market protocol, was exploited on February 14, losing $9.5 million. Cybersecurity firm Cyvers revealed that the stolen funds were funneled through Ethereum and Railgun, but the latter returned the assets. 

Additionally, on February 5, Jupiter, a Solana-based DEX, and former Malaysian Prime Minister Mahathir Mohamad experienced social media exploits promoting fake memecoins. Eliza Labs founder Shaw Walters reported a hack of his X account, despite using two-factor authentication, which also disseminated scam links.

This article has been refined and enhanced by ChatGPT.