In a shocking turn of events, crypto exchange Bybit has suffered a massive security breach, resulting in the loss of 401,346 ETH (worth approximately $1.13 billion) from its cold wallet. The attack was carried out through a deceptive transaction that tricked wallet signers into approving a change in smart contract logic.

How the Attack Unfolded

According to Bybit’s CEO, the incident took place when the platform’s ETH multisig cold wallet executed a transfer to its warm wallet. However, the transaction was “musked”—a deceptive tactic where the UI displayed the correct wallet address and a verified URL from @safe, misleading signers into believing it was a legitimate transaction.

Unknown to them, the actual signing message authorized a modification of the cold wallet’s smart contract logic, allowing the attacker to gain full control of the wallet. Once compromised, the hacker swiftly transferred the entire ETH balance to an unknown address.

Current Status and Bybit’s Response

Despite the breach, Bybit has reassured users that all other cold wallets remain secure and that withdrawals are operating as normal. The exchange is actively investigating the attack and has called upon blockchain security teams to help track the stolen funds.

The CEO has promised to provide updates as the situation develops. Meanwhile, industry experts are closely monitoring the hacker’s wallet for any movement of funds.