Crypto Catastrophe: ByBit’s $1.5B Heist Will Leave You Speechless! 😱💰

In a turn of events that would make even the most seasoned cynic raise an eyebrow, ByBit exchange has found itself the unwitting star of a rather unfortunate drama, having lost a staggering $1.5 billion in ETH on the 21st of February. One can only imagine the collective gasp from the crypto community, akin to a Victorian drawing-room upon hearing a scandalous rumor.

While the entire platform remains unscathed—thank heavens for small mercies—one of its multi-signature cold wallets has been thoroughly compromised. The hacker, it seems, managed to outwit the ByBit team with the finesse of a seasoned con artist, withdrawing billions as if they were merely borrowing a cup of sugar.

This latest escapade echoes the infamous WazirX hack of yore, where a mere $234.9 million was spirited away with similar aplomb. One can only wonder if these hackers are attending the same masterclass in digital larceny.

As it stands, ByBit has assured its users that their funds are safe, boasting a 1:1 reserve ratio. Yet, one cannot help but picture the anxious faces of millions of users, akin to children left alone in a candy store with a sign that reads “Closed for Repairs.”

Now, let us delve into the sordid details of how this grand heist unfolded, shall we?

The Mechanics of Mayhem: How Did the ByBit Hack Occur?

As is customary in the realm of crypto calamities, cold wallets and multisig wallets are at the heart of this debacle. ByBit, like its contemporaries, employs multisig wallets to add a veneer of security to user funds. These wallets, requiring multiple approvals, are meant to be the digital equivalent of a bank vault—albeit one with a rather flimsy lock.

The Art of Musking

In a stroke of sheer audacity, the hackers employed a technique dubbed “Musking,” as elucidated by Bybit’s own CEO, Ben Zhou. This delightful term refers to a form of UI spoofing, where the transaction details are artfully altered, leading the unsuspecting signers to believe they are executing a benign transaction. It’s like convincing a bank teller that a counterfeit check is, in fact, a winning lottery ticket.

Here’s how the ruse unfolded:

  1. Fake Transaction Interface

The hackers, with the cunning of a fox in a henhouse, manipulated Bybit’s transaction interface—courtesy of the esteemed security firm Safe—crafting a request that looked as legitimate as a royal decree.

  2. Approval from Bybit Multisig Signers

Believing they were merely signing off on a routine transfer, the Bybit team unwittingly approved the transaction, likely thinking it was just another day at the office. Little did they know, they were signing away a cool $1.3 billion in one fell swoop.

  3. Control of the Wallet

With the signatures in hand, the hackers seized control of the wallet, moving the funds with the alacrity of a cat burglar in the night. It’s worth noting that not all wallets were compromised—only the one assigned to that particular multisig was accessed. A small mercy, perhaps?

  4. Transfer of Funds

Once in control, the hackers began their merry dance, transferring funds to a plethora of unknown addresses. According to Arkham Intelligence, the nefarious individual now holds a staggering $1.3 billion of stolen ETH across 53 different wallets. One can only imagine the hacker’s glee, akin to a child in a candy store.

WE’VE COMPILED A LIST OF BYBIT HACKER WALLETS

The Bybit Hacker currently holds $1.37B of ETH and has used 53 wallets so far.

Wallet list below:

— Arkham (@arkham) February 21, 2025

What Do the Experts Say?

While the incident may appear straightforward to the untrained eye, the intricacies of the security breach are anything but. A team of blockchain security experts, aptly named Dilation Effect, posits that only one signer needed to be compromised for the attack to succeed, thanks to a rather sophisticated social engineering ploy.

Experts suggest that by scrutinizing the on-chain transactions, one can observe the attacker executing the transfer function of a malicious contract through a delegatecall. The transfer code, employing the SSTORE instruction, cleverly modifies the value of slot 0, thereby altering the implementation address of the Bybit cold wallet multisig contract to the attacker’s own address. Quite the clever ruse, wouldn’t you agree?
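To see why the delegatecall matters, and what a signer-side check could have caught, here is an added example that is not code from Bybit, Safe or the experts quoted. It is a toy Python model of storage context, not real contract code: every address, the allowlist and the function names are constructed placeholders, and slot 0 stands in for the wallet's implementation address as described above.

```python
import copy

CALL, DELEGATECALL = 0, 1  # Safe's operation values: 0 = Call, 1 = DelegateCall

class Contract:
    """Toy contract: numbered storage slots plus named functions."""
    def __init__(self, storage=None, code=None):
        self.storage = dict(storage or {})
        self.code = dict(code or {})

def execute(world, wallet, tx):
    """Run tx["fn"] of tx["to"]. A CALL writes the target's storage;
    a DELEGATECALL runs the same code against the wallet's storage."""
    fn = world[tx["to"]].code[tx["fn"]]
    owner = wallet if tx["operation"] == DELEGATECALL else tx["to"]
    fn(world[owner].storage, *tx["args"])

def presign_findings(world, wallet, tx, allowlist):
    """Simulate tx on a copy of the state and report what a signer should see."""
    findings = []
    if tx["operation"] == DELEGATECALL and tx["to"] not in allowlist:
        findings.append("delegatecall to non-allowlisted target")
    sim = copy.deepcopy(world)
    before = sim[wallet].storage.get(0)
    execute(sim, wallet, tx)
    if sim[wallet].storage.get(0) != before:
        findings.append("slot 0 (implementation address) would change")
    return findings

# Constructed sample state; every address is a placeholder.
def token_transfer(storage, to, amount):
    storage[to] = storage.get(to, 0) + amount   # ordinary balance update

def lookalike_transfer(storage, to, amount):
    storage[0] = to                             # SSTORE to slot 0

def sample_world():
    return {
        "0xWALLET": Contract(storage={0: "0xIMPL"}),
        "0xTOKEN": Contract(code={"transfer": token_transfer}),
        "0xUNKNOWN": Contract(code={"transfer": lookalike_transfer}),
    }

ROUTINE = {"to": "0xTOKEN", "fn": "transfer", "args": ("0xHOT", 5), "operation": CALL}
SUSPECT = {"to": "0xUNKNOWN", "fn": "transfer", "args": ("0xOTHER", 0),
           "operation": DELEGATECALL}

if __name__ == "__main__":
    for name, tx in (("routine", ROUTINE), ("suspect", SUSPECT)):
        print(name, presign_findings(sample_world(), "0xWALLET", tx, set()))
```

The check works on the transaction fields themselves rather than on what an interface displays, which is the property that matters when the display is what was spoofed.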

The Current Status of Stolen Funds

As the hacker has deftly transferred assets to various addresses, tracking the funds has become a Herculean task. Unlike previous escapades, this time the hacker has refrained from sending funds to the crypto mixer Tornado Cash, opting instead for a more subtle approach. Perhaps they’re saving that for a rainy day?

This latest debacle has once again ignited security concerns within the crypto sphere. Despite the implementation of cutting-edge security measures, it appears that hackers continue to outsmart the system. However, as the funds remain nestled in Ethereum wallets, there lingers a glimmer of hope for potential white-hat recovery, as the hackers seem reluctant to vanish entirely from the public eye.

2025-02-21 22:31