Quick take:
- Zhou said that, despite the hack, all withdrawals remain normal, and that the exchange is solvent and will cover the $1.46 billion stolen.
- The “masked transaction” transferred the funds from Bybit’s ETH multi-sig cold wallet to the exchange’s warm wallet.
- Zhou said the exchange is now open to any help in tracking the funds, but maintains that even if the assets are not recovered, they are fully backed 1-to-1.
Bybit has suffered a major breach of one of its ETH cold wallets, losing 514,723 ETH (approximately $1.46 billion), according to OnchainLens. News of the exploit was first posted by crypto researcher ZachXBT on the X platform and was confirmed by Bybit co-founder and CEO Ben Zhou moments later.
According to Zhou, the hacker used a masked address to change the smart contract logic of the exchange’s ETH cold wallet before transferring the funds to the platform’s warm wallet.
“It appears that this specific transaction was masked, all the signers saw the masked UI which showed the correct address and the URL was from @safe. However, the signing message was to change the smart contract logic of our ETH cold wallet,” Zhou posted on X after acknowledging the breach.
The sophisticated attacker masked the signing interface, displaying the correct address while altering the underlying smart contract logic. This enabled the attacker to gain control of the affected ETH cold wallet and transfer its holdings to an unidentified address, the crypto exchange platform said in a post.
The company's security team is currently investigating the incident alongside leading blockchain forensic experts and partners, and the company is inviting any teams with expertise in blockchain analytics and fund recovery to assist in tracing the funds.
According to the company, all other Bybit cold wallets remain secure, with the exchange also assuring clients that their funds remain safe with operations continuing as usual.
Zhou added that even if the assets are not recovered, all the client assets are fully backed 1-to-1 and that the exchange can cover the losses.