How Hackers Stole Over $1.4 Billion from Bybit Making it the Largest Crypto Heist in History

The hacker didn't break the code. They broke the HUMANS.

The Bybit hack is officially the largest crypto heist in history, with over $1.46 billion stolen. That amount is equal to 16% of all previous crypto hacks combined. The magnitude of this breach is unprecedented, shaking confidence in crypto security. Here’s what happened, what we know so far, and why this event could change everything.

The Timeline of the Attack

1. Suspicious Outflows Detected

The first red flag appeared when @ZachXBT, a well-known blockchain investigator, reported “suspicious outflows” from Bybit amounting to over $1.46 billion. The hacker began swapping mETH and stETH for ETH on decentralized exchanges (DEXs), attempting to move the stolen funds discreetly.

As the attacker refined their tactics, they split 10,000 ETH into 39 different addresses, followed by another 10,000 ETH into 9 more addresses, making the stolen assets harder to trace.

2. The Terrifying Reality: Humans Were the Weak Link

This wasn’t a typical exploit where smart contract vulnerabilities were leveraged. Instead, the hacker executed a sophisticated social engineering attack that tricked Bybit’s multisig signers into approving fraudulent transactions.

Each Bybit multisig signer saw a legitimate-looking UI from @safe, which displayed the correct transaction. However, behind the scenes, they were actually approving changes to the smart contract logic of Bybit’s ETH cold wallet.

Bybit’s founder explained:

“All signers saw the masked UI, which showed the correct address, and the URL was from @safe. However, the signing message was to change the smart contract logic of our ETH cold wallet.”

This hack proves that even multisig security measures can be bypassed if attackers can manipulate what users see when they sign transactions.

3. The Hacker’s Strategy

The attacker executed their plan flawlessly by:

  • Identifying each multisig signer at Bybit
  • Infecting each device with malware
  • Manipulating the UI to display false information
  • Getting all signers to unknowingly approve the exploit

Cold wallet security just got redefined—even offline assets are vulnerable if human oversight is compromised.

Bybit’s Response: Managing the Crisis

4. Financial Solvency and Customer Assurance

Despite the massive loss, Bybit reassured its users:

“Bybit is solvent even if this hack loss is not recovered. All client assets are 1-to-1 backed, and we can cover the loss.”

The exchange claimed it could handle a bank run scenario, stating that it had enough tokens to meet customer withdrawals.

5. Ongoing Investigations

@safe, the platform used for Bybit’s multisig wallet, has launched an internal security review:

“Safe’s security team is working closely with @Bybit_Official. We have not found evidence that the official Safe frontend was compromised.”

As a precaution, certain functionalities have been paused while they investigate further.

6. Withdrawals Continue as Normal

Surprisingly, Bybit has continued processing withdrawals. They assert that only their ETH cold wallet was compromised, while their hot wallets, warm wallets, and all other cold wallets remain secure.

Most exchanges shut down operations after a billion-dollar hack—Bybit’s ability to continue withdrawals suggests an unprecedented level of resilience.

What This Means for Crypto Security

7. Key Lessons from the Attack

This breach highlights a fundamental vulnerability in crypto security. No matter how robust the system, if attackers can manipulate what users SEE, the entire security framework collapses.

Key takeaways:

  • Multisigs aren’t foolproof—if human signers are compromised, the entire system is at risk.
  • Cold wallets aren’t automatically safe—malware and social engineering attacks can bypass them.
  • Even secure smart contracts can be exploited—attackers are targeting human weaknesses, not just code vulnerabilities.
  • Supply chain attacks are evolving—sophisticated threats require more advanced security measures.

8. The Next 48 Hours Are Critical

Questions that remain:

  • Will Bybit recover any of the stolen funds?
  • Can they maintain user trust in the long term?
  • How exactly were the signers compromised?
  • Will law enforcement get involved?

Meanwhile, every major exchange is likely re-examining its security protocols to prevent similar attacks.

Security Measures for Crypto Holders and Exchanges

To protect against such sophisticated hacks, crypto users and exchanges should implement the following security measures:

  • Use hardware wallets with screen verification—always double-check transactions.
  • Implement zero-trust security models—assume devices and UIs can be compromised.
  • Never sign transactions blindly—understand what you’re approving.
  • Layer security across multiple providers—don’t rely on a single security system.
  • Beware of malware-infected UIs—malicious software can make legitimate sites look different.
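
One way to act on "never sign transactions blindly" and on the masked-UI problem described earlier, as an added example that is not code from Bybit, Safe or the original article: compare what the interface displayed with the raw transaction fields before approving. The field names follow Safe's transaction struct, where operation 1 means DELEGATECALL (the target's code runs against the wallet's own storage); the addresses, allowlist and payloads are constructed, and the check goes beyond the article's case by also decoding ERC-20 transfers.

```python
# Added example (not from the article, Bybit or Safe): independent pre-signing check.
# Field names follow Safe's transaction struct; addresses and payloads are constructed.
CALL, DELEGATECALL = 0, 1
ERC20_TRANSFER = "a9059cbb"  # selector of transfer(address,uint256)

def strip0x(h):
    h = h.lower()
    return h[2:] if h.startswith("0x") else h

def decode_erc20_transfer(data_hex):
    """Return (recipient, amount) for an ERC-20 transfer call, else None."""
    data = strip0x(data_hex)
    if len(data) != 8 + 128 or not data.startswith(ERC20_TRANSFER):
        return None
    return "0x" + data[32:72], int(data[72:], 16)

def review_safe_tx(displayed, raw, delegatecall_allowlist=frozenset()):
    """Compare what the UI displayed with the raw payload about to be signed."""
    findings = []
    to = raw["to"].lower()
    if raw["operation"] == DELEGATECALL:
        if to not in delegatecall_allowlist:
            findings.append("DELEGATECALL to a target outside the allowlist")
    elif raw["operation"] != CALL:
        findings.append("unknown operation value")
    if to != displayed["to"].lower():
        findings.append("target differs from the address shown in the UI")
    if int(raw["value"]) != displayed["value_wei"]:
        findings.append("value differs from the amount shown in the UI")
    if strip0x(raw["data"]):
        decoded = decode_erc20_transfer(raw["data"])
        shown = (displayed.get("token_recipient", "").lower(), displayed.get("token_amount"))
        if decoded is None:
            findings.append("calldata is not a plain transfer; decode it before signing")
        elif decoded != shown:
            findings.append("token recipient or amount differs from the UI")
    return findings

# Constructed sample data: what the signer saw versus two raw payloads.
WARM, TOKEN, OTHER = "0x" + "22" * 20, "0x" + "33" * 20, "0x" + "99" * 20
SHOWN_ETH = {"to": WARM, "value_wei": 10**18}
HONEST = {"to": WARM, "value": "1000000000000000000", "data": "0x", "operation": CALL}
MASKED = {"to": OTHER, "value": "0", "data": "0x" + "ab" * 36, "operation": DELEGATECALL}

if __name__ == "__main__":
    for name, raw in (("honest", HONEST), ("masked", MASKED)):
        print(name, review_safe_tx(SHOWN_ETH, raw) or "ok")
```

The raw fields have to reach the reviewer through a path that does not share the signing interface, such as the hardware wallet's own display or a separate machine; otherwise the same malware controls both sides of the comparison.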

What’s Next for Bybit and the Crypto Industry?

This $1.46 billion hack is unprecedented in scale, yet Bybit’s ability to continue operations without a total collapse is surprising. If they handle this crisis well, it could strengthen trust in the exchange. If they fail, it could lead to one of the biggest crypto exchange failures since FTX.

Final Thoughts

The Bybit hack is a wake-up call for the entire crypto industry. No amount of code security can replace human caution. Attackers are no longer just breaking smart contracts; they are breaking people.

As more details unfold, it will be fascinating to see how Bybit navigates this crisis—and what new security protocols will emerge in response.

Stay tuned for updates on this evolving situation, and stay safe in the crypto space.
