Bybit’s ETH cold wallet exploited for $1.46b

Bybit confirmed that his multi-siglet cold wallet had been raped, just hours after the crypto exchange increased access to liquidation data for transparency.

Ben Zhou CEO declared that the pirates infiltrated the exchanges (Ethn) Multi-Signature cold wallet, draining nearly $ 1.5 billion in crypto. The breach was first reported by the famous Sleuth Zachxbt, who alerted the public with suspicious withdrawals from Bybit.

Companies use multi-signating portfolios to mitigate failure points, as several parties must approve a transaction. If a signatory is compromised, the others can refuse to authorize fund transfers. However, in this case, the pirates managed to deceive all the signatories.

According to Zhou, the attackers masked a transaction to induce the portfolio signatories. While the team thought they were approving a legitimate address, it unknowingly authorized the changes to the intelligent contract managing the COLD portfolio of Bybit.

This allowed the pirates to remove all the ether and ether derivatives from the Bybit portfolio from an unknown address. The authors then started to exchange the stolen funds for Ethereum tokens on decentralized exchanges, Zachxbt reported.

Zachxbt also noted that the pirates divided the stolen assets on several addresses to escape the follow -up. The blockchain investigator has published a list of these addresses on his official telegram channelUndering the exchanges to put them in black list.

Meanwhile, Zhou assured users that the breach was isolated for the cold Ethereum de Bybit portfolio.

“Please, rest assured that all the other cold wallets are secure. All withdrawals are normal, ”added Zhou.

The attack on February 21 could be the greatest feat for a single exchange of crypto. At $ 1.46 billion, the stolen amount represents more than 50% of the total value of the cryptocurrency in 2024.

It is a story in development.