Bybit, the second-largest crypto exchange in the industry, has lost $1.46 billion to a sophisticated attack on its cold wallet.
Ben Zhou, the CEO of the Exchange, confirmed the attack on his X page, sharing details of the hack and revealing that the hack took place during a transfer from Bybit’s ETH multi-sig wallet to a warm wallet.
Multiple reports peg the stolen funds at $1.46 billion worth of Ethereum, which the hackers moved to new wallet addresses.
Blind Signing
Leading Web 3 Security firm Cyvers Alerts confirmed the hack, pegging it to a deceptive transaction that tricked signers into unknowingly approving a malicious smart contract logic change.
Cyvers CEO Deddy Levin, in a message to Cryptonews, termed the hack a good example of Blind signing. He stated that the hack is quite similar to the Access control hack that cost Wazir X $235 million.
Meir Dolev, Co-Founder and CTO of Cyvers Alerts, reacted to the development, explaining the workflow of the hackers and how they gained control of the wallet.
“ 2 min before the outflow transactions the hacker re implemented their safe multisig wallet to delegate the calls to hackers malicious contract, this is probably caused from blind signing while trying to execute legit transaction, from that momenet hackers have control on the their wallet and dont need any addition signatures, this is very similar to attacks of WazirX and Radiant Capital. Dolev Stated.
Arkham Intelligence, Leading Onchain tracking platform launched a $50,000 Bounty reward to anybody who can help recover the funds.
Submissions to the Bounty will be shared with the Bybit Team to support their investigation, the platform said. The platform also posted realtime updates on the movement of the funds by the hackers from the Bybit Cold Wallet to Hot Wallets.
No Cause For Panic
Bybit’s CEO Ben Zhou has calmed fraying nerves, stating that the Exchange is Solvent and all client’s assets can be covered.
The CEO claimed that the company could cover the missing Client funds following the $1.46 billion hack, and assets are 1:1 backed.
The CEO announced that he would be hosting a live stream to answer all questions about the new hack and update the exchange’s community on internal efforts.
Will Withdrawals be Halted?
Most exchanges halt withdrawals following a major Hack as a standard procedure. At the time of the report, Bybit had not announced the halting of withdrawals on the Exchange.
However, Changpeng Zhao, the Former CEO of Binance, has advised Bybit CEO to halt withdrawals as standard Security Precautions. He also offered to provide any assistance if needed.
The major hack on Bybit is, without a doubt, the biggest hack in the industry in terms of funds lost.
Last Year, India’s largest Exchange, WazirX, lost $235 million to hackers following the compromise of its Multi-Signature wallet.
The Exchange is still in the process of repaying funds after a social distribution strategy it initially proposed was shunned by its community.
