What happened:
On February 21, 2025, at approximately 12:30 PM UTC , Bybit detected unauthorized activity within one of our Ethereum (ETH) Cold Wallets during a routine transfer process. The transfer was part of a scheduled move of ETH from our ETH Multisig Cold Wallet to our Hot Wallet. Unfortunately, the transaction was manipulated by a sophisticated attack that altered the smart contract logic and masked the signing interface, enabling the attacker to gain control of the ETH Cold Wallet. As a result, over 400,000 ETH and stETH worth more than $1.5 billion were transferred to an unidentified address.
What was the impact:
- Stolen funds: Over $1.5 billion worth of ETH and stETH have been compromised.
- Cause: A manipulation of the transfer process in our ETH Multisig Cold Wallet during a planned routine transfer.
What You Need to Know:
- All Other Cold Wallets Are Secure: We want to reassure you that all other Bybit Cold Wallets are safe, and client funds are unaffected and remain secure.
- Withdrawals Are Not Halted: We understand that the current situation has led to a surge in withdrawal requests. Although this high volume may result in delays, please be assured that all withdrawals are being processed as normal.
- 1:1 Asset Backing: We want to emphasize that Bybit’s reserves are strong and 1:1 backed. All client assets are fully secured, and we are committed to maintaining the integrity of our platform. You can review our Proof of Reserves (PoR) on our PoR webpage.
We want to reassure our users that this was an isolated incident involving only the ETH Cold Wallet. All other cold wallets and assets, including BTC, remain secure, and client funds are unaffected.
What Bybit is doing about it:
We are working alongside leading blockchain forensic experts to trace the stolen funds and resolve the situation. Our security team is investigating the root cause, with particular attention being given to a potential vulnerability in the user interface of the Safe.global platform, which may have been exploited during the transaction process.
- Withdrawals are functioning normally, with 70% of pending requests already processed. Some delays may occur due to high volume, but this does not impact your ability to access funds.
- Bybit has more than enough assets to cover the loss, with AUM exceeding $20 billion, and will use a bridge loan if necessary to ensure the availability of user funds.
- Our platform and all other services, including trading products, cards, and P2P, are fully operational.
We are taking all necessary steps to prevent any further unauthorized activity, and will continue to update our users regularly through our official channels.
How Bybit can help you:
We remain fully committed to the security of your funds and the integrity of our platform. If you have any concerns or questions, please reach out to our Customer Support team via Live Chat or through our official support channels. We sincerely appreciate your continued trust and understanding. We will provide further updates as our investigation progresses.
Thank you for being part of the Bybit community.
