The CEO of cryptocurrency exchange Bybit, Ben Zhou, has confirmed on X that the company has been hacked. Two hours ago, the X account of Whale Alert highlighted a transfer of more than 401,000 ETH worth $1.1 billion. The hacker transferred the funds to a fresh wallet address, but has since moved the funds to more than 40 other wallets.
Mr Zhou said that only one ETH cold wallet was compromised, and that all other wallets are intact and withdrawals continue as normal. The implication is that Bybit has more than $1 billion in equity. He followed up by saying “Bybit is solvent even if this hack loss is not recovered, all of clients assets are 1 to 1 backed, we can cover the loss.”
Former Binance CEO Changpeng Zhao (CZ) chimed in that the exchange should consider pausing withdrawals as a precaution.
While the hacker might have successfully drained the wallet, it remains to be seen whether they can do much with the funds.
Given that blockchains are public, Etherscan, the popular explorer, marked the wallet addresses as a ‘Bybit exploiter’. The transfers out of the initial exploiter address were in units of ETH 10,000 or $27 million, with each new wallet address also flagged.
Apart from the first wallet which was drained, most of the action was in two wallets (1 2), with the vast majority of funds still sitting in amounts of ETH 10,000 in 40 or so wallets.
Others have pegged the hack figure at $1.4 billion. However, the CEO confirmed the theft of ETH 401,000 or around $1.1 billion at a price of $2,800.
What happened?
CEO Ben Zhou launched a livestream on X to explain what happened. He said the company was doing a routine transfer between its ETH cold wallet and hot wallet, something it does when the balance in the hot wallet reaches a certain level. It uses Safe.global multi-signature wallets for cold storage, and he was the last to sign this particular transaction.
He checked the link was the main Safe website, which is one of their safety protocols. The wallet address was also verified. The initial transaction was ETH 30,000, but presumably there were several to reach ETH 401,000.
Only the Ethereum cold wallet was compromised and he said the Bybit company treasury can cover the loss. Bybit’s total assets under management are more than $20 billion.
No further Safe transfers will be performed until they confirm the precise cause. Safe is also pausing on its side, just in case. Bybit’s CEO floated a couple of possible causes, but cautioned that they don’t know yet. Either all the signers’ computers were hacked so that the Safe website was faked, or Safe was somehow compromised. He was not saying that was the case, as investigations are ongoing.
There have been massive withdrawal requests (almost 100x normal), which Bybit is processing, with 70% of them done. Some of the larger withdrawals have to go through compliance. The aim is to process all withdrawals in a few hours. Customer support also has a bit of a backlog given the increased volumes, but is catching up, and all staff are online.
Given the hack was of the Ethereum wallet, it is not possible to withdraw ETH at the moment. However, Bybit is getting a bridge loan from partners to specifically satisfy Ethereum withdrawals. The company says it has plenty of funds, just not in ETH.
