Crypto Times Logo Black
Google News Follow Banner
  • News
    • Market
    • Bitcoin
    • Ethereum
    • Altcoins
    • Regulations & Policies
    • DeFi News
    • Blockchain News
    • Industry
  • Exclusive
    ExclusiveShow More
    The Wall Around Mint Street: How the RBI Spent a Year Shutting Crypto Out of Indian Banking
    The Wall Around Mint Street: How the RBI Spent a Year Shutting Crypto Out of Indian Banking
    Michael Saylor’s Strategy
    Why Michael Saylor’s Strategy Is Selling Bitcoin After Years of Buying
    Anthropic’s Claude Fable 5 Crypto Hacks
    Anthropic’s Claude Fable 5: The AI That Could Supercharge Crypto Hacks and Defenses
    CLARITY Act Stalls Why Senate's August Recess Puts US Crypto Rules at Risk
    CLARITY Act Stalls: Why Senate’s August Recess Puts US Crypto Rules at Risk
    Three Stories, One Pattern Why Binance Is Having Its Worst Week Since the Pardon
    Three Stories, One Pattern: Why Binance Is Having Its Worst Week Since the Pardon
  • Opinion
    OpinionShow More
    The Bitcoin Treasury Blueprint What Stress Testing on Strategy Inc.’s MSTR-STRC Reveals
    The Bitcoin Treasury Blueprint: What Stress Testing on Strategy Inc.’s MSTR-STRC Reveals
    Why Wall Street is Divided Michael Saylor’s Scarcity vs. Tom Lee’s Staking Empire
    Why Wall Street is Divided: Michael Saylor’s Scarcity vs. Tom Lee’s Staking Empire
    The Arthur Hayes Paradox Macro Prophet or Market Opportunist
    The Arthur Hayes Paradox: Macro Prophet or Market Opportunist?
    RBI Denies Gold Sale Amid Oil Crisis: Could It Speed Up India's Digital Rupee Push?
    RBI Denies Gold Sale Amid Oil Crisis: Could It Speed Up India’s Digital Rupee Push?
    The CLARITY Act War Starts Jamie Dimon Vs Armstrong
    The CLARITY Act War Starts: Jamie Dimon Vs Armstrong
  • Learn
    • Explained
    • How To
    • Insights
  • Videos
  • More
    • About Us
    • Our Authors
    • Contact Us
    • Editorial Policy
The Crypto TimesThe Crypto Times
  • All News
  • Market
  • Bitcoin
  • Ethereum
  • Altcoins
  • Regulations & Policies
  • Blockchain
  • DeFi
  • Industry
  • Exclusive
  • Opinion
Search
  • News
    • Market
    • Bitcoin
    • Ethereum
    • Altcoins
    • Regulations & Policies
    • Blockchain
    • DeFi
    • Industry
    • Exclusive
    • Opinion
  • Learn
    • Explained
    • How To
    • Insights
  • Quick Links
    • About Us
    • Our Authors
    • Contact Us
    • Editorial Policy
    • AI Policy
    • Sponsored & Advertorial Policy
  • Videos
  • Glossary
Follow US
© 2026 By Crypto Times. All Rights Reserved.
Market News

How ByBit Exchange was Hacked & $1.5B Stolen? Understand Here

Written By Gopal Solanky
Published 2025-02-22·Updated 1 year ago
Make The Crypto Times preferred on GoogleGoogle
Share
How ByBit Exchange Hacked & $1.5B Stolen Understand Here

ByBit exchange has turned victim to, what seems to be one of the biggest crypto hacks so far, with the exchange losing over $1.5 billion of ETH on February 21.

While not affecting the whole platform, one of the exchange’s multi-signature cold wallets has been severely compromised with the hacker withdrawing billions of assets while managing to fool Bybit team members. 

The 2025 Bybit hack modus operandi is an eerie reminder of another infamous hack of WazirX exchange last year where hackers exploited its multisig cold wallet to steal $234.9 million.

As of now, Bybit has reassured users that their funds reserves are in the ratio 1:1. Yet several million users of Bybit exchange are currently in anxiety regarding the status of their funds.

Here is a detailed breakdown on how the Bybit hack occurred and what possible outcomes it could produce.

How did the ByBit hack happen? 

Similar to every major hacking incident in the crypto space, cold wallets and multisig wallets are at the center of this breach. ByBit and all other crypto exchanges use multisig wallets to add a layer of security in protecting exchange-held user funds. These specialized wallets require multiple approvals from different people to execute transactions. 

Musking

Outpassing this security feature, hackers employed a sophisticated technique called “Musking,” as defined by Bybit CEO Ben Zhou. Musking refers to a form of UI spoofing where the transaction details shown to signers are altered or masked and it processes malicious output on final execution. 

This tactic tricked Bybit’s multisig wallet signers into believing in a spoofed multisig dashboard, which hackers managed to update with a malicious smart contract. Here is the easy unfolding;

  1. Fake Transaction Interface 

The hackers manipulated Bybit’s transaction interface – which was provided by the prominent security firm Safe – and replaced it with a legitimate looking transaction request.

  1. Approval from Bybit multisig signers 

The Bybit team signed the transaction while believing that it could be a usual transfer of funds that exchange makes everyday. As the team has not shared full details, it could be assumed that the transaction was involving a smaller amount rather than the whole transfer of $1.3 billion of ETH, all at once.

  1. Control of the wallet

Following the signature approval, hackers gained control over the exchange wallet and moved out funds immediately. It also needs to be noted that not all wallets were affected but the wallet assigned with that particular multisig was accessed only. 

  1. Transfer of Funds 

Once hackers gained access to Bybit’s wallet, they begin moving funds to multiple unknown addresses. As per Arkham Intelligence, the hacker currently holds $1.3 billion of stolen ETH on 53 different wallets. 

WE’VE COMPILED A LIST OF BYBIT HACKER WALLETS

The Bybit Hacker currently holds $1.37B of ETH and has used 53 wallets so far.

Wallet list below: pic.twitter.com/oQK1MhYkqg

— Arkham (@arkham) February 21, 2025

What Security Expert Says?

While the incident looks quite simple on the front-end, it takes much effort from a security perspective to figure out the exact exploitation. One of the blockchain security expert team Dilation Effect says that only one signer was needed to be taken down in order to complete the attack because the attacker used a sophisticated social engineering technique.

Dilation Effect team states that the attacker executes the transfer function of a malicious contract through delegatecall. “The transfer code uses the SSTORE instruction to modify the value of slot 0, thereby changing the implementation address of the Bybit cold wallet multi-signature contract to the attacker’s address,” they said.

Current Status of Stolen Funds

As the hacker has now swiftly transferred assets to various addresses, it has made it difficult to track funds. Unlike other hacks, this time the hacker has not yet sent funds to the crypto mixer Tornado Cash to mix up funds and erase traces on blockchain. 

This latest hack has once again raised security concerns within the crypto space. Despite the use of the latest and advanced security techniques, hackers seem to have been outsmarting everything. As the funds are still held in Ethereum wallets, it also raises optimism for potential white-hat recovery as hackers are not attempting to vanish funds completely out of eye sights. 

Disclaimer: The information researched and reported by The Crypto Times is for informational purposes only and is not a substitute for professional financial advice. Investing in crypto assets involves significant risk due to market volatility. Always Do Your Own Research (DYOR) and consult with a qualified Financial Advisor before making any investment decisions.

Follow The Crypto Times on Google News to Stay Updated!      Google News

Share This Article
Whatsapp Whatsapp LinkedIn Telegram Copy Link

Latest News

Pakistan's Top Islamic Scholar Rules Bitcoin, Ethereum, and USDT Haram
Pakistan’s Top Islamic Scholar Rules Bitcoin, Ethereum, and USDT Haram
Ethereum Crosses $1,800, and Eric Trump Has Just Three Words
Ethereum Crosses $1,800, and Eric Trump Has Just Three Words
The Wall Around Mint Street: How the RBI Spent a Year Shutting Crypto Out of Indian Banking
The Wall Around Mint Street: How the RBI Spent a Year Shutting Crypto Out of Indian Banking
Hedera's Biggest DeFi Lender Bonzo Lend Hacked for $9M, $5.25M Bridged to Ethereum
Hedera’s Biggest DeFi Lender Bonzo Lend Hacked for $9M, $5.25M Bridged to Ethereum
Ethereum L1 Tops Public Networks With Over $19B in Tokenized Assets
Ethereum L1 Tops Public Networks With Over $19B in Tokenized Assets

Find Us on Socials

You may also like

Backpack Launches 24/7 Trading for Select U.S. Stocks

Backpack Launches 24/7 Trading for Select U.S. Stocks

Why is Black Bull (ANSEM) Token Down Today

Why is Black Bull (ANSEM) Token Down Today?

South Korea’s Gyeonggi Province to Test Stablecoins for Public Payments

South Korea’s Gyeonggi Province to Test Stablecoins for Public Payments

Robinhood Chain Outperforms Hyperliquid in Dex Volume

Robinhood Chain Outperforms Hyperliquid in Dex Volume

The Crypto Times Logo PNG

Providing real-time, accurate Crypto reporting. Your trusted source for Crypto News and Research.

Stay Updated

All News
Exclusive
Opinions
Learn
Videos
Glossary

Company

About Us
Our Authors
Editorial Policy
AI Policy
Advertorial Policy

Get In Touch

Contact Us
Career

Find Us on Socials

X-twitter Linkedin Telegram Youtube Instagram

© 2026 The Crypto Times | A BITROCK TECHNOLOGIES L.L.C. Company.

DMCA.com Protection Status
  • Terms and Conditions
  • Disclaimer
  • Privacy Policy
  • Cookie policy
Do Not Sell or Share My Personal Information