Source: Ethereum price page

• Bybit CEO Ben Zhou confirmed the hack occurred when attackers exploited a planned transfer between the exchange’s wallets.
• “The signing message was to change the smart contract logic of our ETH cold wallet,” Zhou explained.

• In other words, while Bybit’s team thought they were approving a routine transfer between wallets, they were actually signing a transaction that modified their cold wallet’s smart contract, giving the attacker the ability to withdraw funds.
• The attacker gained control of a specific ETH cold wallet and transferred its contents to an unidentified address.
• In a follow-up statement, Zhou indicated that rather than immediately purchasing ETH to cover the losses, Bybit would work with partners to secure bridge loans. The exchange is experiencing transaction volumes 100 times higher than normal, leading to processing delays, particularly for large withdrawals.
• Binance founder, CZ, responded to the incident by suggesting Bybit temporarily halt withdrawals as a security precaution, offering assistance. Safe Wallet, meanwhile, has temporarily paused certain functionalities while their security team investigates the incident.

• SlowMist, a blockchain security firm, noted similarities to a previous hack of Radiant Capital attributed to North Korean hackers.
• Security researcher ZachXBT, who first spotted suspicious outflows from the exchange, reported that the stolen funds were being distributed across 39 different addresses, apparently in an attempt to obscure the money trail.
•  
• In an official statement, Bybit detailed the attack’s mechanics: “The incident occurred when our ETH multisig cold wallet executed a transfer to our warm wallet. Unfortunately, this transaction was manipulated through a sophisticated attack that masked the signing interface, displaying the correct address while altering the underlying smart contract logic.”
•  
• Despite the significant loss, Zhou assured users that the exchange remains financially stable.
•  
• The exchange confirmed that other cold wallets remain secure and withdrawals are functioning normally.
• The breach has sparked responses across the cryptocurrency ecosystem. Ethena Labs assured users that their USDe stablecoin remains fully collateralized, with less than $30 million in unrealized PNL related to Bybit hedge positions, representing less than half of their reserve fund.
•  
• This incident adds to a series of security breaches in the cryptocurrency sector during February 2025. Earlier this month, ZkLend, a Starknet-based money-market protocol, lost $9.5 million in an exploit, though the funds were later returned through the Railgun protocol.
• The stolen assets included liquid-staked Ether (stETH), Mantle Staked ETH (mETH), and various other ERC-20 tokens.