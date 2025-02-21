Crypto exchange Bybit revealed on Friday that it fell victim to a “sophisticated attack,” resulting in the theft of Ethereum (ETH) valued at $1.4 billion from one of its offline wallets.

The breach, described as the largest crypto heist in history, has sent shockwaves through the digital asset industry.

In a livestream announcement, Bybit’s CEO and co-founder, Ben Zhou, disclosed that hackers stole approximately 401,346 ETH, valued at around $1.4 billion at the time of the theft.

Zhou explained on X that the hacker gained control of one of Bybit’s cold wallets—a type of digital wallet designed to store cryptocurrency offline and theoretically disconnected from the internet.

The stolen funds were then transferred to a “warm” wallet, which is connected to the internet.

How it happened

Explaining how the hacking occurred via a post on X, Bybit said it detected unauthorized activity involving one of its ETH cold wallets.

“The incident occurred when our ETH multisig cold wallet executed a transfer to our warm wallet. Unfortunately, this transaction was manipulated through a sophisticated attack that masked the signing interface, displaying the correct address while altering the underlying smart contract logic.

“As a result, the attacker was able to gain control of the affected ETH cold wallet and transfer its holdings to an unidentified address.

“Our security team, alongside leading blockchain forensic experts and partners, is actively investigating the incident. Any teams with expertise in blockchain analytics and fund recovery who can assist in tracing these assets are welcome to collaborate with us,” the company explained.

Largest theft

This incident surpasses previous major crypto breaches, including the $624 million Ronin Network hack and the $611 million Poly Network exploit, according to data from Rekt, a platform tracking Web3 and crypto-related breaches.

Tom Robinson, co-founder and chief scientist at Elliptic, emphasized the scale of the theft, stating, “In fact, it may even be the largest single theft of all time,” referring to thefts of any kind, not limited to data breaches.

Before Bybit’s breach, the largest bank robbery in history was the withdrawal of approximately $1 billion from the Central Bank of Iraq, as reported by financial news site World Finance.

What you should know

Bybit, headquartered in Dubai, United Arab Emirates, held an estimated $16 billion in total assets as of last week, according to CoinMarketCap.

The exchange has assured its users and partners that all other Bybit cold wallets remain fully secure, adding that all client funds are safe, and its operations would continue as usual without any disruption.

The theft highlights the growing risks in the crypto space. According to blockchain analytics firm Chainalysis, hackers stole approximately $2.2 billion in crypto throughout 2024, following an estimated $2 billion in losses in 2023.

Chainalysis also indicated that North Korea-linked hacking groups were responsible for $1.34 billion in crypto theft across 47 incidents in 2024—a 102.88% increase in value stolen compared to $660.50 million across 20 incidents in 2023.