The Bybit cryptocurrency exchange recently suffered a significant security breach, with over $1.4 billion in liquid-staked Ether, Mantle Staked ETH (mETH) and other ERC-20 tokens stolen by an unscrupulous actor. Onchain security expert ZachXBT was the first to identify the breach shortly after it happened and advised users to steer clear of addresses linked to the hack. The co-founder and CEO of Bybit, Ben Zhou, has also confirmed the incident and provided updates about the situation.
According to Zhou, a transaction was initiated from the exchange’s multisignature wallet to a less-secure “warm” wallet not long before the breach was detected. The transaction initially appeared indistinguishable from normal transactions, but it contained malicious source code designed to alter the smart contract logic of the wallet and facilitate the draining of the funds. Despite this setback, Zhou reassured Bybit users, stating that all other cold wallets are secure, normal withdrawals can still be made, and the exchange is looking for assistance to track the stolen funds.
This incident is part of a string of high-profile security breaches since 2024 that have resulted in substantial losses for cryptocurrency exchanges. Despite this, Zhou says, “Bybit is Solvent even if this hack loss is not recovered, all of the client’s assets are 1 to 1 backed — we can cover the loss.” He further assures clients that operations continue without disruption and that all other client funds are secure.
The announcement of the hack led the price of Ether (ETH) to drop by over 3%. The breach, among the biggest in recent history, has sent ripples through the cryptocurrency market.
In recent weeks, the crypto industry has seen a surge in hacks and fraudulent activities. ZkLend, a money-market protocol operating on Starknet, was also the victim of a $9.5 million hack on February 14. Separately, the social media accounts of Jupiter, a Solana-based decentralized exchange, and of former Malaysian Prime Minister Mahathir Mohamad were compromised on February 5 and used to promote counterfeit meme coins.