Bybit exchange hacked, over $1.4 billion in ETH-related tokens drained

Cryptocurrency exchange Bybit has been hacked for over $1.4 billion in liquid-staked Ether (stETH), Mantle Staked ETH (mETH) and other ERC-20 tokens, according to onchain security analyst ZachXBT, who spotted the incident shortly after it occurred.Following the exploit, the onchain sleuth warned users to blacklist addresses associated with the hack. Bybit co-founder and CEO Ben Zhou confirmed the incident and provided an update on the security breach.Zhou confirmed that a transfer was made from the exchange’s multisignature wallet to a warm wallet approximately one hour prior.The CEO said the specific transaction was masked to appear legitimate but contained malicious source code designed to alter the smart contract logic of the wallet and siphon funds. Zhou reassured customers:“Please rest assured that all other cold wallets are secure. All withdrawals are NORMAL. I will keep you guys posted as more develops. If any team can help us to track the stolen fund will be appreciated.”The incident follows several high-profile hacks and security incidents throughout 2024 and early 2025 that left crypto exchanges drained of funds.“Bybit is Solvent even if this hack loss is not recovered, all of the client’s assets are 1 to 1 backed — we can cover the loss,” the Bybit CEO added in a separate post.In an X statement, the exchange assured customers that its cold wallets “remain fully secure,” adding that “all client funds are safe, and our operations continue as usual without any disruption.”The price of Ether (ETH) dropped by over 3% following the hack’s confirmation as the breach — among the largest in recent crypto history — sent shockwaves through the market.Uptick in security incidents and scams in February 2025The crypto industry has experienced an uptick in hacks and scam-related activity in the first several weeks of February 2025.ZkLend, a money-market protocol on Starknet, was hacked on Feb. 14 in an exploit that drained the protocol of $9.5 million.According to cybersecurity firm Cyvers, the malicious actor bridged the funds to Ethereum and the Railgun protocol in an attempt to launder them, but Railgun returned the stolen loot.Jupiter, a Solana-based decentralized exchange, and former Malaysian Prime Minister Mahathir Mohamad both suffered social media exploits on Feb. 5.In both incidents, the threat actors used the compromised accounts to promote fake memecoins.Eliza Labs founder Shaw Walters was another recent victim of a social media hack. The hacker took control of Walters’ X account and began posting scam links.Walters said the hack occurred despite having two-factor security authentication on his X account.