Company also reassures that funds are strong amidst customer worries and withdrawals.
An estimated $1.4 billion has been stolen from the Bybit cryptocurrency exchange.
In a statement, Bybit said it detected unauthorised activity within one of its Ethereum cold wallets during a routine transfer process on February 21st.
It said that during a routine transfer process, the transaction was manipulated by a “sophisticated attack that altered the smart contract logic and masked the signing interface, enabling the attacker to gain control of the ETH Cold Wallet”.
As a result, over 400,000 ETH and stETH worth more than $1.5 billion were transferred to an unidentified address.
It said its security team is investigating the root cause, with particular attention being given to a potential vulnerability in the user interface of the Safe.global platform, which may have been exploited during the transaction process.
The company also reassured other users that all other Bybit Cold Wallets are safe, and client funds are unaffected and remain secure.
A Run on the Wallets?
ByBit also said that the current situation has led to a surge in withdrawal requests, and although this high volume may result in delays, “please be assured that all withdrawals are being processed as normal.”
“We want to emphasize that Bybit’s reserves are strong and 1:1 backed. All client assets are fully secured, and we are committed to maintaining the integrity of our platform,” it said.
“We want to reassure our users that this was an isolated incident involving only the ETH Cold Wallet. All other cold wallets and assets, including BTC, remain secure, and client funds are unaffected.”
Written by
Dan Raywood
Senior Editor
SC Media UK
Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.
Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.
