The cryptocurrency exchange Bybit was reportedly hacked last night, resulting in the theft of approximately $1.47 billion worth of ETH and stETH, which immediately sparked a frenzy in the community. This incident is understood to be the largest hack in the history of cryptocurrency. As for the details of the incident and its potential impact on users and the market, Dongqu has compiled a series of key points for readers to quickly understand.
(Background: Three Arrows’ Zhu Su: The “ETH Panic Short Narrative” from the Bybit Hack Incident May Drive Ethereum Prices to New Highs)
(Additional context: Internal issues at Bybit? Security experts suspect North Korean hacker group Lazarus may have infiltrated the computers of exchange employees to gain multi-signature wallet access.)
Last night (21st), it was reported that Bybit’s cold wallet experienced an abnormal transfer of a large amount of ETH and stETH to an unknown hot wallet, valued at approximately $1.47 billion, igniting community alarms. Multiple on-chain analysts and researchers tweeted warnings after 11 PM, and at 11:44 PM, Bybit CEO Ben Zhou confirmed the hack.
Ben Zhou stated that the hackers forged multi-signatures to take control of specific ETH cold wallets signed by Bybit and transferred all the ETH from these cold wallets to an unknown address. He reassured users that all other cold wallets are secure and that withdrawals from the exchange remain normal. Furthermore, Ben Zhou mentioned that even if the losses from this hacking incident cannot be recovered, all customer assets remain 1:1 backed, and Bybit can absorb this loss.
Complete reading » Breaking News » Bybit Exchange Hacked! $1.47 Billion in ETH Transferred Abnormally, Official: Withdrawals Remain Normal
Bybit ETH multisig cold wallet just made a transfer to our warm wallet about 1 hr ago. It appears that this specific transaction was musked, all the signers saw the musked UI which showed the correct address and the URL was from @safe. However the signing message was to change…
— Ben Zhou (@benbybit) February 21, 2025
CZ Suggests Bybit Suspend Withdrawals, Community Outrage Ensues
Zhou’s confirmation triggered immediate panic in the market, leading to a surge of withdrawal requests from Bybit users. The loss of $1.47 billion in ETH could potentially create a significant financial gap for Bybit in the short term, resulting in more severe liquidity issues (such as halting withdrawals and locking related assets). Some community users speculated that if not handled properly, this could turn into a repeat of the FTX saga.
Binance founder Zhao Changpeng (CZ) also provided his personal advice:
“This is not an easy situation to handle. It may be advisable to temporarily suspend all withdrawals as a standard safety precaution. If needed, I can offer assistance. Good luck! ”
However, the community largely viewed CZ’s suggestion to suspend all withdrawals as detrimental, criticizing that it might lead to a larger bank run by users. In response, the real-time news and algorithmic trading operator “Formula News” provided the Bybit CEO with the following three recommendations:
1. Do not stop user withdrawals, as it would accelerate a bank run. You can slow down the process but must not stop it to avoid triggering panic.
2. Publicly show Bybit’s balance sheet and indicate that you have sufficient funds to cover the losses from the hack.
3. When needed, reach out to major companies like Tether (instead of the CEOs of competing exchanges). $1.5 billion is not a huge issue during this cycle; manage it well and save us all.
Complete reading » Binance’s CZ: “Getting hacked for $1.5 billion is serious; I suggest Bybit suspend withdrawals. I can help if needed.”
Funding Gap Reaches 500,000 ETH; How Will Bybit Fill It?
According to Arkham data, after the hack, the hackers liquidated assets worth approximately $1.34 billion in ETH (499,395 ETH) and $42 million in cmETH (15,000 ETH), distributing the funds across 53 addresses. While the hackers hold a substantial amount of ETH, they cannot sell it on the market in a short period, providing some relief to market investors.
However, facing a funding gap of 500,000 ETH, how will Bybit fill this void? In a live stream early this morning, Bybit’s CEO stated:
“We will not purchase ETH to fill the gap. We are currently obtaining bridge loans (a type of short-term loan used to help with transition periods) through partners to cover the stolen losses and have already secured nearly 80% of the stolen liquidity (ETH).”
Nevertheless, community KOL Feng Wu questioned via tweet that only Binance or a consortium of institutions could lend such a large amount of ETH to Bybit. Considering Bybit’s past reputation issues, Feng Wu expressed skepticism about whether institutions would be willing to assist:
“Bybit says it is borrowing ETH instead of buying ETH. But in the end, it still has to be repaid, and Bybit’s annual profit is less than $1.5 billion.
Who else could lend 400,000 ETH (approximately the amount stolen is around 500,000)? It could only be Binance (BN) or a consortium of institutions coming to the rescue. Yes, relying on a single institution won’t work; several institutions need to step in together.
However, given Bybit’s previous issuance of Bit, which heavily cut retail investors and failed to fulfill promised contract revenues, I personally believe Bybit does not have a good reputation among institutions.
Currently, Binance is the number one spot exchange, and the rising Bybit is second. So do you think anyone will step in to help?”
However, data from SosoValue and the latest monitoring from the on-chain security team TenArmor show that Bybit has seen inflows of over $4 billion in the past 12 hours, enough to cover the $1.47 billion stolen loss. These inflows also include significant transfers of ETH from Bitget, MEXC, and related institutions and individuals.
Complete reading » Bybit Needs to “Borrow 500,000 ETH” to Weather the Storm? KOL: Only Binance and Institutional Coalition Remain.
Who Are the Hackers and What Attack Methods Were Used?
As for the true identity of the hackers, on-chain investigator ZackXBT confirmed in a series of submissions that the main culprit behind the incident is the North Korean hacker organization “LAZARUS GROUP.”
Additionally, regarding the attack methods used in the hack, security expert Yu Xian from SlowMist stated that the attackers first deployed a malicious contract on February 19 and then on February 21 exploited the three owners of the Bybit Safe multi-signature wallet to replace the Safe contract with the malicious contract, ultimately executing the operation through the malicious contract to steal funds from the Bybit wallet.
The cold wallet team OneKey added that the hackers likely confirmed that the three multi-signature computers of Bybit had been compromised and were in an attackable condition, and replaced the signing content during the daily transfer signings of the multi-signature personnel.
Complete reading » Internal Issues at Bybit? Security Experts Suspect North Korean Hacker Lazarus May Have Infiltrated the Computers of Exchange Employees to Gain Multi-Signature Wallet Access.
Details of the Bybit Safe Multi-Signature Hack:
The malicious implementation contract was deployed at UTC 2025-02-19 7:15:23
0xbDd077f651EBe7f7b3cE16fe5F2b025BE2969516
The attackers used the three owners to sign a transaction to replace the Safe implementation contract with a malicious contract at UTC 2025-02-21 14:13:35… https://t.co/kGcwJO01f0
— Cos (Yu Xian) ️ (@evilcos) February 21, 2025
The Hacker Surpasses Vitalik and the Ethereum Foundation to Become the “14th Largest” Ethereum Holder
Notably, according to Coinbase executive Conor Grogan’s tweet, the amount of ETH stolen by the Bybit hacker (nearly 500,000 ETH) has made them the 14th largest ETH holder in the world:
“The Bybit hacker (most likely North Korean) is now the 14th largest ETH holder in the world. They hold about 0.42% of the total ETH supply (approximately 120 million ETH), more than Fidelity, Vitalik, and even more than twice the amount held by the Ethereum Foundation.
According to Arkham data, Ethereum founder Vitalik Buterin holds approximately 240,000 ETH, valued at about $643 million; Fidelity’s custodian wallet holds 334,000 ETH, valued at about $843 million; and the Ethereum Foundation wallet holds 223,000 ETH, valued at about $596 million. Interestingly, the amount of ETH held by the Ethereum Foundation is actually less than that of Vitalik.
Complete reading » Internal Issues at Bybit? Security Experts Suspect North Korean Hacker Lazarus May Have Infiltrated the Computers of Exchange Employees to Gain Multi-Signature Wallet Access.
The Bybit hacker (Most likely N.K.) is now the 14th largest ETH holder in the world. They hold roughly 0.42% of total supply, more than Fidelity, Vitalik, and 2x + what the Ethereum Foundation holds. pic.twitter.com/ZMGY2Bx1B3
— Conor (@jconorgrogan) February 21, 2025
