Dubai-based cryptocurrency exchange Bybit has suffered what is being termed as the largest breach in the crypto industry’s 15-year history.
Attackers have stolen over $1.4 billion worth of ETH from the exchange’s cold wallet.
The Hack and its Scale:
The hack was conducted by exploiting a “masked” UI and URL that prompted wallet signers to unintentionally approve a malicious transaction. Attackers then altered the smart contract logic to control and drain funds from the ETH cold wallet, Bybit co-founder and CEO Ben Zhou has confirmed, although further investigation is underway.
The stolen ETH alone represents in value more than 60% of all crypto funds that were stolen in 2024, according to Cyvers data.
According to Elliptic’s chief scientist and co-founder, Tom Robinson, the breach may not only be the largest crypto heist ever, but “ It’s also potentially the largest single theft of any kind, ever”.
Onchain analyst ZachXBT has identified North Korea’s Lazarus Group as behind the hack.
Market Reaction and Industry Support:
ETH initially dropped 4.2% after the hack came to light but rebounded 3.36% on speculation of a buyback. Sentiment, however, turned bearish after Bybit secured a bridge loan, reducing buyback expectations.
The 53 wallets with the stolen ETH are being monitored, making it unlikely for ETH offloading by hackers to be possible or preferable, especially under current market conditions.
Industry solidarity was on display as Bybit CEO Ben Zhou thanked Antalpha Global, Bitget, Pionex, MEXC, SoSoValue, Galaxy Digital, FalconX, Lido Finance, the Solana Foundation, the Ton Foundation, Ghaf Capital, Fenbushi, Bitvavo, and Tether for their support. Bitget was one of the first companies’ to loan Ether to Bybit to aid with the crisis.
Continued Withdrawals :
Further, Hacken, Bybit’s independent proof-of-reserves auditor, confirmed that Bybit’s reserves exceed its liabilities.
Zhou also confirmed that withdrawals were functional and that Bybit is solvent even if this hack loss is not recovered. According to a post by Zhou, over 99% of the 350k+ withdrawal requests, most ever received, have been successfully completed.
The incident has brought to light that as value locked in platforms grow, so does the sophistication of these attacks. The SEC’s new Cyber and Emerging Technologies Unit must play a key role along with alike enforcement bodies to ensure that security concerns dont present unbreakable hurdles to mainstream adoption
