Nearly $1.5 billion in tokens lost in Bybit crypto exchange hack

Bybit, a cryptocurrency exchange, said it was hacked Friday, leading to an estimated $1.5 billion worth of tokens being stolen, amounting to what is estimated to be the largest crypto heist.

Ben Zhou, chief executive officer of Bybit, posted on X, formerly Twitter, that a hacker accessed one of the company’s offline Ethereum wallets, and removed the coins in a series of transactions.

“Bybit ETH multisig cold wallet just made a transfer to our warm wallet about 1 hr ago,” Zhou wrote in his post. A cold wallet is a cryptocurrency wallet that is not connected to the internet. “It appears that this specific transaction was musked, all the signers saw the musked UI which showed the correct address and the URL was from @safe.”

“However, the signing message was to change the smart contract logic of our ETH cold wallet,” Zhou said. “[The] hacker took control of the specific ETH cold wallet we signed and transferred all ETH in the cold wallet to this unidentified address.” 

In a post from the company’s account, Bybit assured customers that all other cold wallets are secure and all withdrawals are normal. 

“Transparency and security remain our top priorities, and we will provide updates asap,” the company said.

The CEO in a follow up post said the exchange remains solvent and all assets are one to one backed, adding “we can cover the loss.”

Crypto analyst ZachXBT in a post on Telegram estimated $1.46 billion worth of crypto assets – primarily Ethereum and staked Ethereum – were stolen from the exchange and split between 39 different addresses. Arkham Intelligence confirmed these numbers. If these sources are accurate, this theft would eclipse the 2022 hack of the Ronin Network, a blockchain network supporting the video game Axie Infinity, where nearly $625 million in Ethereum and USDC was lost, and the Poly Network hack the year prior in which $611 million was taken.

The Bybit hack highlights the concerns some have with integrating cryptocurrencies and traditional financial institutions, as well as the hesitancy some larger banks feel towards embracing the sector. It also calls into question the idea that cold wallets unconnected to the internet are safe from attack.

Bybit, founded in 2018, is based in Dubai and not available in the U.S. It’s one of the largest crypto exchange platforms in the world and processes more than $36 billion in trades daily on average. 

“When it comes to the ongoing debate of centralization versus decentralization, it’s always the offshore exchanges. You never see hacks of this magnitude on platforms like Coinbase,” said Dennis Dinkelmeyer, co-founder and CEO of Midas, a trading app focused on transparency. “This latest exploit of $1.4 billion on Bybit is a major blow to the industry and a reminder that we need real improvements.”

Dinkelmeyer said the hack is a reminder of the need for established and well-regulated markets.

“The hack exposes serious vulnerabilities, especially when dealing with offshore operations that lack the regulatory oversight of more established markets,” Dinkelmeyer said. “This is a wake-up call — the industry can no longer afford to ignore these weaknesses.”

Washington, D.C. is currently mired in a policy debate over how to best regulate cryptocurrencies and crypto markets. President Donald Trump has vowed to be the first “crypto president” and promised he’d make the U.S. the “crypto capital of the planet.” Weeks into his second term, the president has put forward several crypto-friendly policies. 

Trump signed an executive order early in his term outlining his administration’s goals for the development and use of cryptocurrencies in the U.S. The order established a working group led by White House crypto czar David Sacks, a venture capitalist, to focus on proposing digital asset regulation.

“Regulation is meant to protect consumers by enforcing strict security and compliance standards,” Dinkelmeyer said. “While hacks can happen to any platform, strong security requirements can reduce the risks. More importantly, regulated exchanges have to follow rules around consumer protection and asset reserves, which helps prevent losses for customers.”

Arkham announced a reward of 50,000 ARKM tokens (the equivalent of over $31,700 in U.S. dollars as of Friday afternoon) for anyone who can help identify the person or organization behind the attack.