Zinger Key Points
- Bybit is processing withdrawals but secured an emergency bridge loan to address liquidity issues from the security breach.
- The hack affected only Bybit’s Ethereum cold wallet, while all other wallets, including Bitcoin reserves, remain secure.
- Get access to your new suite of high-powered trading tools, including real-time stock ratings, insider trades, and government trading signals.
Bybit founder Ben Zhou has raised concerns that multisig wallet provider Safe may have been compromised, allowing hackers to steal $1.4 billion in Ethereum ETH/USD.
Speaking in a live stream, Zhou explained that the attack targeted Bybit's Ethereum cold wallet, but all other wallets, including its Bitcoin BTC/USD reserves, remain unaffected.
How The Attack Unfolded
Zhou recounted how the attackers manipulated Bybit's signing process while maintaining the appearance of a legitimate Safe transaction.
“It was a normal URL. I double-checked. It was the Safe URL from the official Safe website. We always use the official website,” Zhou said.
He explained that as part of standard security measures, he verified the UI and destination address, ensuring it matched Bybit's warm wallet before approving the transfer.
However, the actual signing message was altered, not to authorize a simple transfer, but instead to modify the smart contract logic of the cold wallet.
“The hacker changed that transaction into upgrading or changing the Safe smart contract logic so that he gained control over the entire Ethereum cold wallet,” Zhou revealed.
Also Read: Coinbase CEO Brian Armstrong Says SEC Has Agreed To End ‘Bogus’ Enforcement Case Without Penalties
Extent of the Damage And Bybit's Response
The total stolen amount includes:
- 401,347 ETH ($1.12 billion)
- 90,376 stETH ($253 million)
- 15,000 cmETH ($44 million)
- 8,000 mETH ($23 million)
Despite the breach, Zhou assured users that withdrawals remain open, although processing times have increased due to a surge in requests.
At the peak, Bybit was handling nearly 100 times the normal withdrawal volume.
The exchange is currently relying on a bridge loan from partners to maintain liquidity while resolving the issue.
“We are not currently buying ETH. We secured almost 80% of the stolen amount as a bridge loan to maintain liquidity,” Zhou confirmed.
Investigating The Breach
Bybit is working closely with Safe's team to determine whether the attack stemmed from a vulnerability on Safe's end.
Zhou stated that Safe has paused its services to conduct further internal investigations.
“It could be that the Safe server was hacked, but we don't know yet. We are actively working with Safe to uncover what happened,” Zhou said.
Tracking The Stolen Funds
Bybit has also received support from major exchanges such as Binance and MEXC and Gate which have pledged to help track and block the stolen assets.
Zhou encouraged security firms and blockchain analysts to assist in monitoring the movement of funds in hopes of freezing the stolen Ethereum before it is laundered.
What's Next?
Bybit confirmed that it has the financial reserves to cover client losses, stating that the stolen Ethereum represents only a fraction of the exchange's total assets.
The company also reiterated its commitment to security enhancements and will continue updating users as the investigation progresses.
Read Next:
Image: Shutterstock
© 2025 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.
Trade confidently with insights and alerts from analyst ratings, free reports and breaking news that affects the stocks you care about.
