One of the Largest Crypto Heists Ever Recorded
Bybit, a leading cryptocurrency exchange, has fallen victim to an unprecedented $1.4 billion Ethereum hack, making it one of the biggest thefts in crypto history. The attack targeted Bybit’s cold storage wallet, a security measure typically used to protect assets from online threats.
CEO Ben Zhou addressed the breach in an emergency livestream, explaining that the hackers managed to drain 400,000 ETH from the exchange before the security team identified the intrusion. The theft occurred during a wallet transition process when assets were being moved between cold and hot wallets, creating a vulnerability that attackers exploited.
This breach surpasses previous crypto heists, including the $620 million Ronin Network hack in 2022, which was attributed to North Korean hacking groups. Blockchain security experts are investigating whether this latest incident is linked to similar actors.
What Happened & Why This Matters
The attackers successfully manipulated Bybit’s transaction signing system, making it appear that transfers were approved under normal conditions. In reality, the transactions sent Ethereum to an unauthorized external address, bypassing the exchange’s internal controls.
Preliminary analysis suggests that the hackers gained remote access to Bybit’s infrastructure, possibly through social engineering, an insider threat, or a software vulnerability. Some analysts speculate that this attack might involve a previously undiscovered zero-day exploit.
Following the breach, Ethereum’s price dipped from $2,823 to $2,685, reflecting the impact of the theft on investor confidence. Bybit responded by pausing all Ethereum withdrawals while continuing Bitcoin transactions, allowing users access to at least some of their holdings.
Despite the scale of the theft, Bybit has reassured customers that user funds remain secure and that the company has enough reserves to cover the loss. With an estimated $20 billion in assets, the exchange is not at immediate risk of insolvency.
Blockchain investigator ZachXBT, known for tracking major cyber heists, has traced some of the stolen Ethereum through laundering patterns often linked to North Korean cybercriminals. If verified, this could be another case of state-sponsored crypto theft, which has been used to fund government-backed operations in recent years.
Bybit has since locked down its remaining cold wallets, brought in third-party cybersecurity firms, and is collaborating with blockchain intelligence teams to track stolen assets. The goal is to freeze or recover some funds before they are thoroughly laundered through decentralized exchanges and mixers.
Crypto security specialists say that Bybit’s security model failed fundamentally, particularly in terms of how cold wallets were accessed. Traditionally, these wallets are considered the safest way to store large amounts of digital assets. However, this attack raises serious concerns about how secure even offline storage can be if an attacker gains internal access.
TF Summary: What’s Next?
Bybit now faces intense scrutiny as it recovers the stolen funds and restores confidence in its platform. Global law enforcement agencies and cybersecurity firms are collaborating to investigate and track the movement of the stolen Ethereum.
If further evidence confirms that North Korean hackers were behind the attack, this could trigger government sanctions and increase international pressure on crypto exchanges to strengthen security measures. Meanwhile, Bybit must implement stronger protections to reassure users that their holdings remain safe. The crypto industry will watch closely to see how Bybit handles this crisis and whether security measures improve.
— Text-to-Speech (TTS) provided by gspeech