In what appears to be the largest cryptocurrency exchange heist to date, attackers have drained an ETH multisig cold wallet belonging to Bybit, making off with over $1.4 billion in ETH-based tokens.
Bybit’s CEO, Ben Zhou confirmed the breach via X (formerly Twitter), stating that hackers employed a sophisticated phishing attack to gain control of the wallet.
The attackers employed a sophisticated phishing technique known as a “Musked” or “masquerade attack.” This involves creating a near-perfect replica of a legitimate interface, such as Safe’s multisig wallet, but manipulating the underlying transaction data.
Users are tricked into signing transactions that differ from what they see on the screen, similar to a fake ATM interface displaying a $100 withdrawal while actually debiting the entire balance.
Despite the massive theft, CEO Ben Zhou moved quickly to reassure users that Bybit remains solvent. “All client assets are 1:1 backed,” Zhou stated, “and we are capable of absorbing this loss, even if the stolen funds are not recovered.” The exchange is actively investigating the incident and has committed to providing regular updates to its users.
Early indications suggest the Lazarus Group, a North Korean hacking group, may be responsible for the theft of approximately 499,395 ETH. This would make them one of the largest (14th) ETH holders globally, possessing roughly 0.42% of the total supply—more than prominent figures like Fidelity and Vitalik Buterin, and over twice the Ethereum Foundation’s holdings.
The Bybit platform is accessible through its website and mobile apps for iOS and Android devices.
If you click on a link and make a purchase we may receive a small commission. Learn more. All content on this site is provided with no warranties, express or implied. Use any information at your own risk. Privacy Policy.
Discover more from BITVoxy Digest
Subscribe to get the latest posts sent to your email.
