Bybit, one of the leading cryptocurrency exchange platforms based in Singapore, has confirmed that it has suffered a hack on an unprecedented scale. According to its CEO, Ben Zhou, more than $1.4 billion in ETH was stolen from a cold wallet on the exchange. Although withdrawals remain functional at the time of writing, this attack already ranks among the largest frauds in cryptocurrency history.
The attackers' modus operandi relies on sophisticated manipulation of Bybit's multisig signatures. The CEO explained that the wallet's signatories approved a transaction that appeared legitimate and displayed a correct address in the user interface, but which in reality altered the logic of the ETH cold wallet's smart contract. A technique called 'musking', or URL camouflage, was reportedly used to fool the signatories.
Thus, the hackers took control of the cold wallet, draining it of its contents in a single transaction to an unknown address.
After obtaining the funds, the cybercriminals quickly split the assets across multiple transactions to different wallets. The data shows that the initial address that received the funds collected more than 400,000 ETH (approximately $1.1 billion), as well as significant amounts in stETH, cmETH and cETH.
Within an hour of the attack, these funds were redistributed to three other wallets, before being broken down into numerous smaller addresses. Several disbursements were made on decentralised exchange platforms such as Uniswap, Paraswap and KyberSwap, in a likely attempt to launder the funds.
Bybit assures that customer funds are safe

Despite the scale of the losses, Bybit was keen to reassure its users. According to Ben Zhou, "Bybit remains solvent even if the stolen funds are not recovered. All customer assets are covered 1:1."
According to BitMEX Research, around 75% of Bybit users' ETH deposits have reportedly been emptied, although the platform still holds more than $20 billion in other cryptocurrencies, including nearly $6.9 billion in Bitcoin, $4.1 billion in USDT and $1.2 billion in ETH. To bolster its liquidity, Bybit transferred $560 million in USDT from a cash wallet to a hot wallet.
No contagion yet, Ethena reacts

Despite the scale of the attack, no major contagion has been observed on other ecosystems linked to Bybit. Ethena, the issuer of USDe, confirmed that 21% of its stablecoin collateral is used on Bybit but said that all spot assets used as collateral are stored off-platform via Copper Clearloop. None of the reserve dollars are directly on any exchange, including Bybit.
According to Ethena, there is currently less than USDe30 million of unrealised NPL linked to hedge positions on Bybit, less than half of their reserve fund. "USDe remains fully collateralised at this stage," said the platform, which continues to monitor the situation.
North Korean group Lazarus identified

Responsibility was quickly attributed to Lazarus, a notorious North Korean hacker group, by the blockchain investigation led by ZachXBT. Investigators identified 53 wallets containing the stolen funds. These wallets will now have to be monitored as the hackers try to move the funds in the hope of laundering them.
The 10 biggest hacks in crypto history

Bybit (2025) - $1.4 billion: Another entry at the top of the list of biggest losses in crypto history.

Ronin Network (Axie Infinity) - $620 million (2022): The Ronin bridge, used by the Axie Infinity game, was exploited by the North Korean group Lazarus. Hackers compromised private keys to execute fraudulent transactions, draining the bridge's funds.

Poly Network - $611 million (2021): A hacker exploited a flaw in the Poly Network multi-chain protocol, allowing him to embezzle more than $600 million. However, in a surprising turn of events, the attacker returned almost all of the funds.

Binance Smart Chain Bridge - $570 million (2022): An exploit on the Binance Smart Chain bridge allowed the attacker to create and withdraw fraudulent BNBs. Binance managed to limit the damage by suspending the blockchain temporarily.

FTX - $415 million (2022): Just after FTX went bankrupt, the platform was hacked, causing $415 million to disappear. The hack took place while the company was in the midst of restructuring proceedings.

Coincheck - $534 million (2018): Coincheck, a Japanese platform, lost 523 million NEM (XEM) after hackers compromised poorly secured hot wallets.

Mt. Gox - $470 million (2014): The notorious hack of Mt. Gox, one of the first major crypto platforms, saw the disappearance of 850,000 BTC, much of which belonged to users.

Wormhole - $326 million (2022): An exploit on the Wormhole bridge allowed attackers to mint 120,000 wETH without collateral and exchange them for other cryptos.

Nomad Bridge - $190 million (2022): A flaw in Nomad's smart contract allowed anyone to withdraw funds from the bridge without verification, leading to mass looting.

Bitmart - $196 million (2021): Hackers compromised private keys linked to hot wallets, allowing them to steal ETH and BSC funds.