BYBIT HACKED: SOPHISTICATED ATTACK TARGETS EXCHANGE'S ETH COLD WALLET - Cryptocurrency exchange @Bybit_Official has reported unauthorized activity compromising one of its Ethereum (ETH) cold wallets. - The attack, confirmed by CEO Ben Zhao, has sent shockwaves through the crypto ecosystem. Numerous reports speculate that nearly $1.4B in losses have occurred. What Happened? - The incident unfolded when a routine transfer from the multisig cold wallet to a warm wallet was executed. However, this transaction fell victim to a cunning attack that "masked the signing interface," deceiving the signers into approving a malicious alteration. - According to Bybit, the displayed address appeared legitimate, but the underlying smart contract logic was tampered with, allowing the hacker to seize control of the wallet. - This sophisticated breach redirected all ETH holdings to an unidentified address, leaving Bybit scrambling to respond. - Meir Dolev, Co-founder and CTO of Web3 security platform, Cyvers, likened the incident to those that targeted WazirX and Radiant Capital, adding that it was caused by "blind signing" a transaction. - "This was likely caused by blind signing while attempting to execute a legitimate transaction. From that moment, the hacker gained full control over the wallet, eliminating the need for additional signatures. This attack closely resembles those targeting WazirX and Radiant Capital," Meir wrote on X. - Meanwhile, Arkham Intelligence disclosed that the hacker already transferred the stolen funds to multiple addresses. As of writing, $200M stETH has been sold, according to onchain data. - Following the hack, $ETH suffered a sharp decline, dropping by 4.5%. Users Fund Safe as Bybit Mobilizes Experts for Investigation: - Bybit’s security team has started working and collaborating with top-tier blockchain forensic experts and partners to unravel the breach. The exchange is also extending an open invitation to teams specializing in blockchain analytics and fund recovery to assist in tracing the stolen assets - CEO Ben Zhao emphasized the urgency of the situation, stating on X that any help to "track the stolen fund will be appreciated." - Despite the breach, Bybit has reassured its users that the incident was isolated to a single ETH cold wallet. The exchange confirmed that "all other Bybit cold wallets remain fully secure," and client funds are unaffected. - Operations, including withdrawals, continue seamlessly, with Zhao affirming that "all withdraws are normal." In the meantime, the CEO promised to keep the community "posted as more develops," signaling an ongoing commitment to open communication. BSCN News 😊