In what is likely to end up as one of the biggest crypto-related hacks of the past few months, the ByBit crypto exchange has lost control over one of its Ethereum cold wallets, resulting in the outright theft of the wallet's contents.
Bybit detected unauthorized activity involving one of our ETH cold wallets. The incident occurred when our ETH multisig cold wallet executed a transfer to our warm wallet. Unfortunately, this transaction was manipulated through a sophisticated attack that masked the signing…
— Bybit (@Bybit_Official) February 21, 2025
To wit, as per ByBit's declaration via an X post, the crypto exchange has suffered a "sophisticated attack" where the attackers were able to mask the signing interface of the exchange's Ethereum multisig cold wallet at a time when that wallet was executing a transfer to the exchange's hot wallet. The mask allowed the attackers to display "the correct address while altering the underlying smart contract logic."
For the benefit of those who might not be aware, cold wallets are usually the safest way of storing cryptocurrencies, as the private authentication keys for those wallets are stored on a device that remains cut off from the internet.
Nonetheless, the hackers in this case were able to target the wallet at a time when a transfer was taking place, manipulating the smart contract logic to divert Ethereum coins to their designated wallet. As per reports that are trickling in, the exchange appears to have lost liquid-staked Ether and MegaETH (mETH) coins worth around $1.4 billion.
Lazarus Group: The North Korean Hackers Behind Bybit’s $1.5 Billion Crypto Heist
👇1-11) North Korean hackers are behind most crypto attacks, deploying specialized teams focusing exclusively on a single exchange or crypto service provider. The @Bybit_Official exchange hack,… pic.twitter.com/SUJLnJaG54
— 10x Research (@10x_Research) February 21, 2025
North Korea's infamous Lazarus Group is likely behind the attack on ByBit.
ByBit is also seeking competent individuals who can assist in tracking its stolen assets:
"Our security team, alongside leading blockchain forensic experts and partners, is actively investigating the incident. Any teams with expertise in blockchain analytics and fund recovery who can assist in tracing these assets are welcome to collaborate with us."
Critically, ByBit claims that "all client funds are safe, and our operations continue as usual without any disruption."
Today's development comes after crypto platforms lost a whopping $2.2 billion in assets to hackers in FY 2024, as per an analysis by Chainalysis. The report went on to note:
"Private key compromises accounted for the largest share of stolen crypto in 2024, at 43.8%."
Of course, such attacks are one of the biggest impediments to the wider adoption of cryptocurrencies such as Bitcoin and Ethereum.
