Bybit Cyberattack: Unauthorized Access to ETH Cold Wallet and Swift Response
Bybit Cyberattack: Exchange Responds Swiftly to Secure User Funds
In a concerning incident for the cryptocurrency community, Bybit, a prominent cryptocurrency exchange, recently detected unauthorized activity within one of its Ethereum (ETH) cold wallets. The breach allowed a malicious actor to gain control of the wallet and transfer a significant amount of ETH to an unidentified address. However, Bybit acted quickly to ensure the security of user funds and the integrity of its platform.
The cyberattack targeted Bybit’s multisig cold wallet during a legitimate transfer to the platform’s warm wallet, which the attacker manipulated. By altering the smart contract logic while keeping the signing interface unchanged, the perpetrator masked the transaction's true intent and executed the unauthorized transfer.
In response, Bybit’s security team collaborated with blockchain forensic experts to investigate the breach. The exchange assured users that all other cold wallets remained secure and that their funds were safe. "We want to assure our users and partners that all other Bybit cold wallets remain fully secure," the company stated.
The swift response from Bybit, along with support from various organizations in the crypto space, proved crucial. Collaborators, including Tether and THORChain, helped freeze approximately $42.89 million in stolen assets within a day. Additionally, the mETH Protocol team successfully retrieved 15,000 cmETH tokens, valued at around $43 million, which were returned to Bybit.
CEO Ben Zhou provided regular updates, emphasizing that Bybit had closed the ETH gap and would soon publish an audited Proof of Reserves report. The exchange processed over 580,000 withdrawal requests post-incident, demonstrating resilience and restoring user confidence.
Bybit’s proactive measures and commitment to transparency highlight the importance of collaboration in combating cyber threats in the cryptocurrency industry. As the exchange strengthens its security infrastructure, it remains vigilant in protecting its users from future attacks.