The Dubai-based cryptocurrency exchange BIBit is hit by what could become the biggest Crypto Heist to date. The hackers stole around $1.5 billion worth of Ethereum after violating one of the company’s cold wallets. The attacker moved around 401,000 ETH to an unknown address, raising serious concerns about the security of the crypto industry.
Bibit CEO Ben Zhou confirmed the violation and ensured the user that the exchange remains a solvent and that all client assets are fully supported. He emphasized that the drawers and unaffected wallets are still working. Following the attack, BYBIT processed more than 350,000 withdrawal requests.
The biggest code exchange hack ever
“Even if the losses of this hack have not been recovered, Bibit is a solvent. All client assets have 1-1 backs and can cover the losses,” Zhou said following the incident, adding that the company’s other He added that the wallets and drawers were not affected. The company said it has more than $20 billion in assets under its control.
How did that happen?
Zhou explained that hacks were made that were supposed to be a routine transfer from a cold wallet, an offline storage system, to a warm wallet used for daily transactions.
“Unfortunately, this transaction was manipulated by a sophisticated attack that hides the signature interface and displays the correct address while modifying the underlying smart contract logic,” Bybit said in an X post.
In another post on X, Bybit said that during regular transfers to a warm wallet, it detected fraudulent activity in one of its ETH cold wallets. Hackers manipulated the signature interface and made transactions appear legal while modifying the underlying smart contract logic. This allowed them to control the cold wallet and move funds to an unknown address.
“As a result, the attacker was able to gain control of the affected ETH cold wallet and transfer its holdings to an unidentified address.”
Bybit’s security team is investigating violations between blockchain forensic experts and industry partners. The company is inviting a team specializing in blockchain analysis and fund recovery to help track stolen assets.
Bibit has detected rogue activity that includes one of our ETH cold wallets. The incident occurred when ETH Multisig Cold Wallet carried out a transition to a warm wallet. Unfortunately, this transaction was manipulated by a sophisticated attack that hid its signature…
– BYBIT (@BYBIT_OFFICIAL) February 21, 2025
The attacker was able to control the cold wallet and move its holdings to an unknown address.
“Even if this loss has not been recovered, Bibit is a solvent. All client assets are fully supported. Zhou said, adding that the exchange holds assets of more than $20 billion. Ta.
Track stolen funds
The Blockchain Forensics team is working to track stolen funds. Research firm Arkham Intelligence reported that the stolen Ethereum had already been moved to a new address and was sold.
Zachxbt, a well-known blockchain investigator, traced theft of a hacker sponsored by the North Korean state. The attack is similar to previous violations in Wazirx and Radiant Capital. The attacker tricked the user into signing an unauthorized transaction.
Disassemble the exploit
Hackers used several techniques to exchange attacks, including:
Address manipulation: The “to” address looked normal in the UI, but I redirected the funds to a malicious wallet in the background. Delegate Call Exploit: A transaction contained an operation type that allowed external contracts to execute code with full control. Storage Slot Operation: Hackers changed the key storage slots on their contracts and replaced Bybit’s legitimate security settings with their own malicious version.
Could this be prevented?
Security experts say the attack could have been avoided through a more stringent verification process.
Proper Hardware Wallet Check: Transactions should be reviewed directly in the hardware wallet, not just in the UI. Avoiding blind signing: Many wallets do not display full transaction details and lead users to approving a transaction without knowing exactly what they are signing. Using Blockchain Explorer: Etherscan did not flag any contract changes, but BlockScout correctly identifies the exploit.
The whole picture
The attack is a reminder of the security challenges facing the crypto industry. More than $2.2 billion has been stolen from the Crypto platform this year alone, according to Chainalysis.
Bybit is currently working with forensic experts to collect stolen funds, but for now the hackers remain unidentified. Until security increases, users must take additional precautions before signing a transaction.
Founded in March 2018, BYBit offers a professional crypto exchange platform where Crypto Traders can find ultra-fast matching engines, excellent customer service and multilingual community support. Currently, BYBit is the world’s third most visited cryptocurrency exchange with over 5 million registered users.
Source link
