Bybit crypto exchange's ETH treasury/wallet hacked

Bybit detected unauthorized activity involving one of our ETH cold wallets. The incident occurred when our ETH multisig cold wallet executed a transfer to our warm wallet. Unfortunately, this transaction was manipulated through a sophisticated attack that masked the signing interface, displaying the correct address while altering the underlying smart contract logic. As a result, the attacker was able to gain control of the affected ETH cold wallet and transfer its holdings to an unidentified address.

Our security team, alongside leading blockchain forensic experts and partners, is actively investigating the incident. Any teams with expertise in blockchain analytics and fund recovery who can assist in tracing these assets are welcome to collaborate with us.

We want to assure our users and partners that all other Bybit cold wallets remain fully secure. All client funds are safe, and our operations continue as usual without any disruption.

Transparency and security remain our top priorities, and we will provide updates asap

Click to expand...

Bybit has suffered one of the largest crypto hacks in history, with over $1.46 billion worth of Ethereum and staked assets drained from the exchange’s cold wallet. According to ZachXBT, the blockchain analyst who first flagged the suspicious outflows, the hacker moved 401,346 ETH—worth approximately $1.1 billion—along with staked Ether (stETH-USD) and MegaETH (mETH) to a fresh wallet, where they have begun liquidating the stolen funds.
...
Following the hack, the attacker quickly began offloading the stolen funds, selling around $200 million worth of stETH on decentralized exchanges, according to Etherscan. This sell-off contributed to a 4% drop in Ethereum’s (ETH-USD) price, while Bitcoin also slid by more than 1.5%.
...

Click to expand...

North Korea steals $1.5bn as it pulls off world’s biggest ever heist​

...
The incident represents a significant evolution of these attack patterns, introducing sophisticated UI manipulation techniques not previously seen. Instead of just exploiting protocol mechanics, the attackers employed advanced social engineering through manipulated interfaces, allowing them to compromise a significant institutional multisig setup.
...
This hack sets a new precedent in crypto security by bypassing a multisig cold wallet without exploiting any smart contract vulnerability. Instead, it exploited human trust and UI deception:

• Multisigs are no longer a security guarantee if signers can be compromised.
• Cold wallets aren’t automatically safe if an attacker can manipulate what a signer sees.
• Supply chain and UI manipulation attacks are becoming more sophisticated.

...
The Bybit hack has shattered long-held assumptions about crypto security.

Even with airtight technical defenses, human error remains the biggest vulnerability. This attack highlights how tactics like UI manipulation and social engineering can compromise even the most secure wallets.

Crypto security must evolve beyond just cryptographic trust—it must account for human vulnerabilities, advanced malware threats, and UI manipulation attacks. The industry needs to rethink how transactions are verified and how multi-layered, independent verification processes can prevent such catastrophic breaches in the future.

Click to expand...

Key Takeaways:
— Blind signing poses a significant obstacle to the security and growth of the digital asset ecosystem. Scammers have exploited this vulnerability, siphoning billions of dollars from unsuspecting users across various platforms and blockchains.

— Ledger has devised a standardized method to transform complex smart contract data into clear, human-readable information, ensuring“what you see is what you sign.”

— Achieving widespread adoption of Clear Signing necessitates collaboration across the digital asset ecosystem, thus, Ledger is actively engaging with industry leaders, blockchain developers, and partners committed to this initiative.
...

Click to expand...