Bybit, one of the leading cryptocurrency exchanges, detected unauthorized activity within one of its ETH cold wallets. The malicious actor successfully gained control of the affected cold wallet and transferred its holdings to an unidentified address. This Bybit cyberattack has targeted many crypto communities, but the exchange has been quick to respond, ensuring user funds and the overall platform’s security remain intact.
The cyberattack on Bybit targeted its Ethereum (ETH) multisig cold wallet. The incident began when a legitimate transfer to the platform’s warm wallet was manipulated. The attacker altered the underlying smart contract logic, while keeping the signing interface seemingly unchanged, masking the real intent behind the transaction. This allowed the attacker to take control of the wallet and transfer the assets—amounting to a large amount of ETH—to a fraudulent address.
Response to the Bybit Cyberattack
In response to this breach, Bybit’s security team partnered with leading blockchain forensic experts and partners to investigate the attack. The platform is actively working with any team with blockchain analytics expertise and fund recovery capabilities to trace and possibly recover the stolen assets.
The company has been transparent in sharing updates with its users and partners, assuring them that their funds are safe and that the breach did not affect other cold wallets. “We want to assure our users and partners that all other Bybit cold wallets remain fully secure. All client funds are safe, and our operations continue as usual without any disruption,” a statement from the company read.
Collaboration and Quick Response
The quick response from Bybit, along with its partners in the crypto community, played a critical role in mitigating the damage caused by the Bybit cyberattack. Bybit’s efforts were supported by multiple organizations, including Tether, THORChain, ChangeNOW, FixedFloat, and CoinEx, among others. These teams acted quickly to freeze and block the stolen assets, limiting the attacker’s ability to move the funds further. In a single day, $42.89 million was successfully frozen, marking a key victory in the battle against cybercrime in the crypto space.
The mETH Protocol team also played a crucial role in the recovery process. Through their prompt actions, they successfully retrieved 15,000 cmETH tokens, valued at around $43 million, which were subsequently returned to Bybit. This operation was pivotal in demonstrating the power of collaboration in fighting cyberattacks in the crypto world.
Ben Zhou, the CEO of Bybit, also provided regular updates on the progress of recovery, including reassuring the public that Bybit was working to close the gap caused by the breach. “Bybit has already fully closed the ETH gap, and a new audited Proof of Reserves (POR) report will be published very soon to show that Bybit is again back to 100% 1:1 on client assets,” he shared in a tweet, noting that Bybit had received a total of 446,870 ETH, worth $1.23 billion, through loans and deposits to bolster its reserves.
Transparency and Security
Despite the severity of the incident, Bybit has emerged resilient. The platform’s response to the data breach at Bybit has been quick and transparent. Within hours of the attack, Bybit processed over 350,000 withdrawal requests and completed 99.9% of them by 1:45 AM UTC. In total, the exchange processed over 580,000 successful withdrawal requests.
The company’s security team worked relentlessly to restore all services, and by February 22, 2025, Bybit’s deposit and withdrawal activity had returned to pre-incident levels. Total deposits slightly exceeded withdrawals, further indicating the market’s confidence in Bybit’s operations. Additionally, Bybit observed a surge in crypto asset deposits worth approximately $1.5 billion, reinforcing the platform’s reliability.
Although the incident led to a temporary spike in trading volumes, which saw users reallocating assets, the market has since stabilized. Bybit’s trading environment is now back to normal, with no unusual liquidations or sell-offs being reported.
Continuous Improvement in Security Measures
As part of its ongoing commitment to user security, Bybit has reassured its community that the platform is working to strengthen its security infrastructure. The exchange has promised to implement further measures to prevent future incidents and upgrade trust levels in its platform.
Bybit’s approach to handling the cyberattack also highlights the importance of collaboration within the crypto community. Throughout the crisis, the platform received support from industry peers and partners, with many offering assistance in freezing the attacker’s stolen assets and blocking blacklisted addresses. This kind of teamwork has been instrumental in preventing the cyberattack from spiraling into a larger-scale disaster for the platform and its users.
In addition to restoring its systems, Bybit has committed to publishing an audited Proof of Reserves report to demonstrate the complete recovery of its ETH reserves, offering users further transparency into the platform’s operations. Bybit has also urged users to stay vigilant and protect themselves against scams, reminding them that Bybit will never ask for personal information, deposits, or passwords.
With strong support from both users and partners, Bybit’s prompt actions have limited the attack’s damage and reinforced the importance of collaboration within the crypto community.
