In what is being called the largest crypto theft in history, major exchange Bybit has confirmed that hackers stole approximately 401,346 Ethereum (ETH)—valued at $1.4 billion—from one of its cold wallets.

Bybit CEO Confirms Massive Security Breach

Bybit’s CEO and co-founder, Ben Zhou, revealed in a live stream on Friday that the sophisticated attack exploited a multi-sig cold wallet, which was manipulated to transfer funds to a warm wallet connected to the internet.

In a post on X (formerly Twitter), Bybit explained how the breach occurred:

“The incident occurred when our ETH multisig cold wallet executed a transfer to our warm wallet. Unfortunately, this transaction was manipulated through a sophisticated attack that masked the signing interface, displaying the correct address while altering the underlying smart contract logic.”

This manipulation allowed the attacker to gain full control of the wallet and move the stolen funds to an unidentified address.

The Largest Crypto Heist in History

This staggering $1.4 billion theft surpasses previous high-profile crypto hacks, including:

• Ronin Network Hack ($624 million)
• Poly Network Exploit ($611 million)

According to Tom Robinson, co-founder of blockchain analytics firm Elliptic, this may even be the largest single theft of all time, beyond just crypto-related heists.

Security Teams Mobilized as Investigations Begin

Bybit assured its users that all other cold wallets remain secure, and client funds are not affected. The exchange is now collaborating with leading blockchain forensic experts to track the stolen assets and identify the perpetrators.

The hack highlights the increasing security risks in the crypto industry. Chainalysis reports that in 2024 alone, hackers have stolen approximately $2.2 billion in cryptocurrency—up from $2 billion in 2023.

Notably, North Korean hacking groups have been responsible for $1.34 billion in crypto thefts across 47 incidents this year—a 102.88% increase compared to 2023’s $660.5 million across 20 attacks.

Bybit Remains Operational Despite the Breach

Despite the security incident, Bybit—headquartered in Dubai, UAE—stated that operations would continue without disruption.

With Bybit managing an estimated $16 billion in assets, this breach raises critical concerns about crypto exchange security and the growing sophistication of cybercriminals.