Bybit Hack: Unraveling the $1.5 Billion Security Breach and Its Aftermath

The cryptocurrency industry faced a major shock earlier today when Bybit, one of the largest crypto exchanges, suffered an unprecedented security breach. Hackers managed to manipulate a routine Ethereum (ETH) cold wallet transfer, siphoning over 400,000 ETH and stETH, valued at more than $1.5 billion, to an unknown address.

This incident has been labeled as one of the biggest security breaches in crypto history, drawing immediate attention from the global crypto community, security experts, and rival exchanges. While Bybit has assured users that withdrawals remain open and that all funds are backed 1:1, the event has sparked discussions about crypto security, exchange vulnerabilities, and market impact.

Update Feb 24: Bybit fully restored their ETH holdings through purchases, loans and deposits. All users were able to withdraw funds throughout the incident. All exchange operations are back to normal! All customer assets are confirmed as fully backed.

In this article, we will break down what happened, Bybit’s response, how this affects the wider crypto market, and what lessons can be learned from this attack.

What Happened: The Anatomy of the Bybit Hack

At around 12:30 PM UTC on February 21, 2025, Bybit detected unauthorized activity in one of its ETH cold wallets during a scheduled transfer. This transfer was supposed to move Ethereum from Bybit’s ETH Multisig Cold Wallet to a hot wallet. However, an attacker manipulated the smart contract logic and masked the signing interface, gaining complete control of the wallet.

Key Details of the Hack:

  • Funds Stolen: Over 401,000 ETH and stETH, valued at $1.5 billion, were transferred to an unknown address.
  • Method of Attack: Hackers tricked Bybit’s security system by presenting a fake user interface to wallet signers, who unknowingly authorized the malicious transaction.
  • Comparison to Past Hacks: Security experts noted that the method was strikingly similar to the WazirX and Radiant Capital hacks in 2024, where blind signing was exploited.

Bybit CEO Ben Zhou quickly addressed the issue, reassuring users that the exchange remained operational and that all other wallets and client funds were safe.

“Hacker took control of the specific ETH cold wallet we signed and transferred all ETH in the cold wallet to this unidentified address. Please rest assured that all other cold wallets are secure. All withdrawals are normal.” – Ben Zhou, Bybit CEO

Bybit’s Response: Immediate Action and Ongoing Investigation

Bybit acted swiftly to contain the damage and reassure users. The company’s security team, along with blockchain forensic experts, immediately began tracing the stolen funds.

Key Actions Taken by Bybit:

  • Ensured All Other Wallets Are Secure: Bybit confirmed that the breach was isolated to the ETH cold wallet, while BTC and other assets remain unaffected.
  • Withdrawals Remain Open: Unlike past exchange hacks that led to withdrawal suspensions, Bybit continued processing withdrawals, though users experienced delays due to the high volume of requests.
  • 1:1 Asset Backing & Liquidity Assurance: Bybit emphasized that it holds more than enough reserves to cover the loss, with its total assets exceeding $20 billion. If needed, the company stated that it would secure a bridge loan to ensure all user withdrawals are fulfilled.
  • Investigating the Root Cause: Security experts are analyzing a potential vulnerability in the Safe.global platform, which may have played a role in the attack.
  • Strengthening Security Measures: Bybit pledged to implement stricter wallet signing protocols and enhanced security measures to prevent future breaches.

The rapid and transparent response from Bybit has drawn praise from industry leaders, with some calling it “exemplary” in how security incidents should be handled.

Only two hours after the hack, Bybit’s CEO went online in a livestream to explain the event, its impact and the next steps. This unprecedented response and transparency showcase the exchange’s commitment to easing community concerns.

Crypto Industry Reactions: Support, Speculation, and Market Impact

KuCoin and Other Exchanges Stand with Bybit

Recognizing the gravity of the situation, rival exchange KuCoin issued an official statement expressing solidarity with Bybit. KuCoin committed to helping monitor fund movements and freeze any suspicious transactions, reinforcing the industry’s collective effort against cybercrime.

Binance’s CZ Suggests Withdrawal Halt, Bybit Declines

Former Binance CEO Changpeng “CZ” Zhao weighed in on the hack, advising Bybit to temporarily pause withdrawals as a precautionary measure. However, Bybit chose to keep withdrawals open, demonstrating confidence in its liquidity.

“Not an easy situation to deal with. Might suggest to halt all withdrawals for a bit as a standard security precaution. Will provide any assistance if needed. Good luck.” – CZ, Former Binance CEO

As the story unfolds, it’s likely more exchanges and individuals will rise to the occasion and take this incident as a lesson to reinforce their own exchanges or protocols.

Market Fallout: Ethereum Price Drops as Stolen Funds Are Liquidated

The hack immediately impacted the Ethereum market, with large amounts of stolen ETH being dumped across decentralized exchanges (DEXes).

Key Market Reactions:

📉 Ethereum Price Drops: ETH saw a 5% decline, falling from $3,020 to $2,850, as the hacker liquidated stolen assets.

🔄 Speculation of a Buyback: Some experts believe Bybit may repurchase ETH to restore reserves, potentially triggering a bullish price movement.

📈 Pi Network Token Surges 10%: A bizarre consequence of the hack was the 10% price increase in Pi Network’s token (PI), fueled by baseless speculation that Pi Network enthusiasts were behind the breach.

Ethereum (ETH) price over the past 24 hours (Chart by Coinmarketcap).

Whether the dip in Ethereum and the overall crypto market during the day can be attributed to Bybit’s hack remains up for debate. Traditional markets such as the S&P 500 also had a sharp drop today due to macroeconomic data. Bitcoin and the broader crypto market tend to react to these news events in a similar fashion.

Lessons Learned: Strengthening Crypto Exchange Security

This attack underscores the persistent threats in the crypto space and the importance of security best practices.

Key Takeaways for Crypto Users & Exchanges:

  • Enable Two-Factor Authentication (2FA): Strengthen account security by requiring 2FA for logins and withdrawals.
  • Avoid Blind Signing Transactions: Users and institutions should always verify smart contract interactions before signing transactions.
  • Use Hardware Wallets Cautiously: This hack highlights how even cold wallets can be compromised if the signing process is not carefully managed.
  • Exchange Collaboration is Key: The swift response from KuCoin and other exchanges demonstrates the importance of cross-platform security cooperation in combating hacks.
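
The "avoid blind signing" point can be made concrete with an independent check of the raw transaction fields, run outside the signing interface. The following is an added example, not code from the original article, Bybit or Safe: `review_safe_tx`, its policy and every address are hypothetical, constructed placeholders, and the only assumed facts are the Safe `operation` values (0 = CALL, 1 = DELEGATECALL) and the ERC-20 `transfer(address,uint256)` selector.

```python
# Added example; all addresses are constructed placeholders, not real wallets.
HOT_WALLET = "0x" + "11" * 20          # approved destination (hypothetical)
STETH_TOKEN = "0x" + "22" * 20         # approved token contract (hypothetical)
APPROVED_RECIPIENTS, APPROVED_TOKENS = {HOT_WALLET}, {STETH_TOKEN}
ERC20_TRANSFER = "a9059cbb"            # selector of transfer(address,uint256)
OP_CALL, OP_DELEGATECALL = 0, 1        # values of the Safe `operation` field


def erc20_transfer_data(recipient, amount):
    """ABI-encode transfer(recipient, amount); used to build the samples."""
    return "0x" + ERC20_TRANSFER + recipient[2:].rjust(64, "0") + f"{amount:064x}"


def review_safe_tx(tx):
    """Return policy violations for a raw payload; an empty list means OK."""
    findings = []
    to = tx["to"].lower()
    data = tx.get("data", "0x").lower().removeprefix("0x")
    if tx["operation"] != OP_CALL:
        findings.append("operation is not CALL (a DELEGATECALL runs the "
                        "target's code against the wallet's own storage)")
    if not data:                        # plain ETH transfer
        if to not in APPROVED_RECIPIENTS:
            findings.append(f"ETH recipient {to} is not approved")
        return findings
    selector, args = data[:8], data[8:]
    if selector != ERC20_TRANSFER or len(args) != 128:
        findings.append(f"calldata 0x{selector}... is not an ERC-20 transfer")
        return findings
    if to not in APPROVED_TOKENS:
        findings.append(f"token contract {to} is not approved")
    if int(tx.get("value", 0)) != 0:
        findings.append("token transfer also carries ETH value")
    # Each ABI argument is a 32-byte word; an address is its low 20 bytes.
    recipient = "0x" + args[24:64]
    if int(args[:24], 16) != 0 or recipient not in APPROVED_RECIPIENTS:
        findings.append(f"token recipient {recipient} is not approved")
    return findings


# Constructed sample payloads.
ROUTINE_ETH = {"to": HOT_WALLET, "value": 10**18, "data": "0x", "operation": OP_CALL}
ROUTINE_TOKEN = {"to": STETH_TOKEN, "value": 0, "operation": OP_CALL,
                 "data": erc20_transfer_data(HOT_WALLET, 5 * 10**18)}
UNEXPECTED = {"to": "0x" + "99" * 20, "value": 0, "operation": OP_DELEGATECALL,
              "data": erc20_transfer_data("0x" + "aa" * 20, 0)}

if __name__ == "__main__":
    print(review_safe_tx(UNEXPECTED))
```

The check only helps if the fields come from the payload the signing device will actually hash, not from what a web interface renders.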

What’s Next for Bybit? A Stronger Future Ahead

Despite the record-breaking size of the hack, Bybit has shown resilience and transparency in handling the situation. Unlike FTX, which collapsed due to insolvency, Bybit maintains strong reserves and continues to process withdrawals.

Will this event weaken Bybit? Unlikely. If anything, Bybit’s proactive approach and strong asset backing could strengthen its reputation as a reliable exchange.

“1.5B hack is massive, but because Bybit is one of the world’s biggest crypto exchanges, this amount is a drop in the bucket. If anything, the exchange is likely to come out even stronger after this event.” – Cexfinder

With increased security measures, ongoing forensic investigations, and industry-wide support, Bybit is likely to recover swiftly and reinforce its position as a leading exchange.

Final Thoughts: What Crypto Users Should Do Now

  • Stay Informed: Follow Bybit’s official channels for real-time updates: Bybit’s Twitter and the Announcements page on Bybit’s website.
  • Secure Your Accounts: Enable 2FA, passkeys, and strong passwords.
  • Monitor Market Trends: Keep an eye on Ethereum’s price action as the stolen funds continue to move.
  • Be Patient with Withdrawals: While Bybit withdrawals are open, delays may occur due to high demand.

Currently, there is no evidence that Bybit is insolvent or that it will have any financial issues. Bybit has verifiable Proof of Reserves reports and holds over $20 billion in customer assets. Users concerned about their funds are welcome to withdraw them to self-custody wallets. Due to the high volume of withdrawals today, patience is advised.

This incident serves as a wake-up call for the entire crypto industry. While the hack is a setback, it also paves the way for stronger security measures that will benefit the future of cryptocurrency.

Published on February 21st, 2025 by Darren Lim. Latest update made on July 3rd, 2025 (11 months ago).

Darren Lim
Freelance dev, full-time trader, part-time NFT survivor. Darren covers crypto markets with code and caffeine.