Bybit Exchanges Suffers $1.4 Billion Hack Amid Phishing Attack

Singapore, Singapore — Cryptocurrency exchange Bybit has confirmed a significant security breach, resulting in the loss of over $1.4 billion worth of Ethereum (ETH) from one of its cold wallets. The incident, described as a highly sophisticated phishing attack, was disclosed on February 21, 2025, after on-chain analyst ZachXBT reported alarming outflows from Bybit’s wallets.

ZachXBT reported total outflows amounting to $1.46 billion, highlighting suspicious transactions and the exchange of mETH and stETH for ETH on decentralized exchanges. After conducting further analysis, ZachXBT verified that these activities arose from a security incident affecting the exchange.

Ben Zhou, the CEO of Bybit, addressed the exploit, explaining that attackers utilized a deceptive technique involving a “masked” transaction. He stated, “Bybit ETH multisig cold wallet just made a transfer to our warm wallet about 1 hour ago. It appears that this specific transaction was musked, all the signers saw the musked UI which showed the correct address.” The attackers exhibited a legitimate-looking user interface, tricking Bybit’s team into authorizing a malicious transaction.

According to Zhou, the masking technique displayed authentic information from Safe, a widely used wallet management platform. Despite appearing trustworthy, the transaction contained malicious code that manipulated the smart contract logic of Bybit’s targeted cold wallet, ultimately permitting the attackers to deplete the wallet of its ETH assets.

While Bybit confirmed that it was only one cold wallet that was compromised, the exchange reassured users of its other cold wallets’ security. Furthermore, Bybit stated that customer withdrawals are operating normally, indicating that the stolen assets constitute a fraction of their overall reserves.

The situation remains fluid, with the exchange continuing to investigate the breach and its impact on other wallet assets. As the cryptocurrency community watches closely, Bybit’s case highlights the persistent vulnerabilities within the sector and the ingenuity of cybercriminals.