Bybit Loses 400,000 ETH In Massive Crypto Hack

The security of exchange platforms is a central issue in the crypto world. A new attack has once again highlighted the heightened vulnerability of the sector: Bybit, one of the most influential exchanges, has suffered an exceptional hacking incident, with an estimated loss of $1.5 billion in Ethereum. The incident sheds light on the complexity of the attacks targeting crypto infrastructures, as well as the challenges faced by platforms to protect their users’ funds. According to initial investigations, the attack is believed to be the work of the Lazarus group, a cybercriminal organization affiliated with North Korea, already responsible for several massive breaches in the sector. Bybit claims it can cover the losses, but this event raises questions about the resilience of exchanges in the face of growing threats.

An unprecedented theft orchestrated through a critical flaw

The attack against Bybit was revealed on Friday by several on-chain analysts, including ZachXBT, who immediately alerted about a suspicious movement of 400,000 ETH from the platform’s cold wallets. Indeed, more than 400,000 ETH were transferred out of the platform before being quickly exchanged for staked tokens mETH and stETH and then converted into Ethereum. Ben Zhou, CEO of Bybit, confirmed during a livestream that the attack resulted in the loss of about 70% of the exchange’s ETH reserves.

According to cybersecurity experts at Cyvers, the attack is believed to have exploited a flaw in the transaction signing system. The hackers managed to deceive the holders of Bybit’s private keys by encouraging them to approve a fraudulent transaction that appeared legitimate. Jack Sanford, CEO of Sherlock DeFi, suggests that the attackers were able to modify the parameters of the multisig smart contract, thereby allowing them to take control of the funds. The exact details of the compromise remain uncertain, but several hypotheses suggest an intrusion via the user interface or an infection of the signatories’ computers.

The impact on Bybit and the measures taken to avoid a collapse

Despite the severity of the hack, Bybit assured that users’ funds were covered 1:1. The exchange excludes any risk of losses for clients. In a message to investors published on the social media platform X (formerly Twitter) on February 22, Ben Zhou clarified that the exchange has already secured a bridge loan that covers 80% of the stolen amount to preserve its liquidity and honor withdrawal requests.

Faced with pressure from investors and market observers, Bybit decided not to suspend withdrawals, despite recommendations from Changpeng Zhao, former CEO of Binance, who suggested in a post on February 21 on platform X a temporary freeze to avoid widespread panic. This approach differs from that adopted by other platforms that suffered similar attacks, such as FTX or Celsius, which chose to temporarily block access to funds, leading to user distrust.

Such a hack could indeed mark a turning point in how centralized platforms manage their reserves and secure their infrastructures. The involvement of the Lazarus group, known for its sophisticated attacks, raises questions about the regulation and security protocols that need to be strengthened to prevent such disasters. Thus, voices are already rising to promote hybrid solutions that combine the security of cold wallets with the flexibility of validation systems. In a more provocative tone, Arthur Hayes, co-founder of BitMEX, joked by calling Vitalik Buterin to “rollback the Ethereum blockchain“, a reference to the DAO Hack of 2016 that led to a fork of the network. While such action is now unthinkable, this incident brings the debate on the reliability of centralized exchanges and the necessity for investors to diversify their storage strategies back to the forefront. The crypto ecosystem will continue to face these challenges, and the Bybit affair could well serve as a wake-up call for the crypto industry.