Bybit hacked for almost $1.5 billion in the biggest crypto theft ever

While 20th-century heists involved scoping out a location, recruiting a person on the inside and having a daredevil getaway driver waiting outside, the 21st-century version looks more like what Bybit experienced today. A hacker stole nearly $1.5 billion in Ethereum (ETH) and staked Ethereum from one of the exchange's offline wallets, nabbing the largest cryptocurrency haul ever. One blockchain security expert said it's likely the all-time biggest heist of any kind, not just crypto.

Bybit CEO Ben Zhou posted on X that the hacker took control of one of the exchange's cold (offline) wallets, manipulating a planned transfer and sending it to an unknown party. "The signing message was to change the smart contract logic of our ETH cold wallet," Zhou wrote. He explained that the hacker "took control of the specific ETH cold wallet we signed and transferred all ETH in the cold wallet to this unidentified address."

Rob Behnke, co-founder and executive chairman of blockchain security company Halborn, told Bloomberg the heist was likely the "largest incident ever, not just crypto."

The Bybit hack eclipses the previous record crypto thefts, including $620 million taken in 2022 from the Ronin Network and $610 million from Poly Network in 2021. There was also the infamous Mt. Gox hack of 2011, which took 850,000 Bitcoins. That translated to around $450 million in losses at the time. But one asterisk on Bybit's "biggest ever" title is that the Mt. Gox haul would be worth significantly more today: over $81 billion. It's hard to imagine what numbers for similar incidents could look like in a decade.

According to Bloomberg, Bybit had around $16.2 billion in assets before the hack, averaging over $36 billion in daily trading. Friday's theft accounted for around nine percent of its total assets. As news of the heist spread, Ether dropped as much as 6.7 percent from its high of the day. Bitcoin also shaved about three percent off its high on Friday.

In what sounds like the ultimate embodiment of the "This is fine" meme, Zhou capped his X post by reassuring customers that everything is okie-dokie at Bybit. "Please rest assured that all other cold wallets are secure," he posted. "All withdraws are NORMAL." (Normal in all caps is most definitely a sign that things are peachy.)

To be fair, Zhou said Bybit had already secured around 80 percent of the funding needed to cover the loss through partner bridge loans. So, perhaps the Dubai-based exchange will recover from the incident better than one would imagine. "Your money is safe, and our withdrawals are still open," he added on a livestream.

On the other hand, Bybit's X account posted a request for help. After stating that its security team and blockchain forensic experts were on the case, it added, "Any teams with expertise in blockchain analytics and fund recovery who can assist in tracing these assets are welcome to collaborate with us."

This article originally appeared on Engadget at https://www.engadget.com/cybersecurity/bybit-hacked-for-almost-15-billion-in-the-biggest-crypto-theft-ever-212248349.html?src=rss https://www.engadget.com/cybersecurity/bybit-hacked-for-almost-15-billion-in-the-biggest-crypto-theft-ever-212248349.html?src=rss