Bybit Reports Security Breach as Hackers Drain $1.4 Billion in ETH and mETH
Cryptocurrency exchange Bybit has reportedly lost over $1.4 billion in liquid-staked Ether (ETH) and MegaETH (mETH) due to a security breach. The incident was flagged by onchain security analyst ZackXBT, who urged users to blacklist addresses linked to the stolen funds, Cointelegraph reported.Bybit Confirms Breach, Investigates Stolen FundsBybit co-founder and CEO Ben Zhou acknowledged the hack. He stated that a transfer was made from the exchange’s multisignature wallet to a warm wallet about an hour before the breach was identified.JUST IN: Bybit founder confirms $1.4 billion $ETH hack, asserts solvency even if losses remain uncovered. pic.twitter.com/8rE3KHrGRL— Whale Insider (@WhaleInsider) February 21, 2025According to Zhou, the transaction appeared legitimate but contained malicious code. He said the attackers altered the smart contract logic, allowing them to drain funds. Zhou assured users that the exchange is investigating the breach."Please rest assured that all other cold wallets are secure. All withdrawals are NORMAL. I will keep you guys posted as more develops. If any team can help us to track the stolen fund will be appreciated," Zhou wrote. Bybit ETH multisig cold wallet just made a transfer to our warm wallet about 1 hr ago. It appears that this specific transaction was musked, all the signers saw the musked UI which showed the correct address and the URL was from @safe . However the signing message was to change…— Ben Zhou (@benbybit) February 21, 2025December Sees Decline in Crypto TheftAfter months of rising crypto hacks and scams, losses dropped in December 2024, marking the lowest monthly total of the year. Blockchain security firms CertiK and PeckShield reported $29 million in losses, a sharp decline from October’s peak.Despite the decrease, notable incidents occurred, including attacks on GemPad and LastPass users. CertiK recorded $28.6 million in losses, down from $63.8 million in November. PeckShield reported $24.7 million in hack-related losses, a 71% month-over-month decrease.GemPad suffered the most significant exploit, with attackers draining $2.1 million. FEG lost $1 million due to a cross-chain verification error. Hackers also stole $12.3 million from LastPass users following a past data breach, as reported by Finance Magnates.While December saw a decline, crypto-related thefts in 2024 totalled $2.3 billion, a 40% increase from 2023 but lower than 2022’s $3.78 billion, according to Cyvers' Web3 Security Report. This article was written by Tareq Sikder at www.financemagnates.com.
FieNews 
Cryptocurrency exchange Bybit has reportedly lost over $1.4 billion in liquid-staked Ether (ETH) and MegaETH (mETH) due to a security breach. The incident was flagged by onchain security analyst ZackXBT, who urged users to blacklist addresses linked to the stolen funds, Cointelegraph reported.
Bybit Confirms Breach, Investigates Stolen Funds
Bybit co-founder and CEO Ben Zhou acknowledged the hack. He stated that a transfer was made from the exchange’s multisignature wallet to a warm wallet about an hour before the breach was identified.
JUST IN: Bybit founder confirms $1.4 billion $ETH hack, asserts solvency even if losses remain uncovered. pic.twitter.com/8rE3KHrGRL— Whale Insider (@WhaleInsider) February 21, 2025
According to Zhou, the transaction appeared legitimate but contained malicious code. He said the attackers altered the smart contract logic, allowing them to drain funds. Zhou assured users that the exchange is investigating the breach.
"Please rest assured that all other cold wallets are secure. All withdrawals are NORMAL. I will keep you guys posted as more develops. If any team can help us to track the stolen fund will be appreciated," Zhou wrote.
Bybit ETH multisig cold wallet just made a transfer to our warm wallet about 1 hr ago. It appears that this specific transaction was musked, all the signers saw the musked UI which showed the correct address and the URL was from @safe . However the signing message was to change…— Ben Zhou (@benbybit) February 21, 2025
December Sees Decline in Crypto Theft
After months of rising crypto hacks and scams, losses dropped in December 2024, marking the lowest monthly total of the year. Blockchain security firms CertiK and PeckShield reported $29 million in losses, a sharp decline from October’s peak.
Despite the decrease, notable incidents occurred, including attacks on GemPad and LastPass users. CertiK recorded $28.6 million in losses, down from $63.8 million in November. PeckShield reported $24.7 million in hack-related losses, a 71% month-over-month decrease.
GemPad suffered the most significant exploit, with attackers draining $2.1 million. FEG lost $1 million due to a cross-chain verification error. Hackers also stole $12.3 million from LastPass users following a past data breach, as reported by Finance Magnates.
While December saw a decline, crypto-related thefts in 2024 totalled $2.3 billion, a 40% increase from 2023 but lower than 2022’s $3.78 billion, according to Cyvers' Web3 Security Report. This article was written by Tareq Sikder at www.financemagnates.com.
