Bybit Reports Unauthorized Activity in ETH Cold Wallet, Launches Investigation

Cryptocurrency exchange Bybit has confirmed a security breach affecting one of its Ethereum (ETH) cold wallets. The incident occurred during a routine transfer from a multisig cold wallet to a warm wallet when an advanced attack compromised the transaction process.

According to Bybit, the attacker exploited a sophisticated vulnerability by manipulating the signing interface. While the interface displayed the correct destination address, the underlying smart contract logic was altered, enabling the attacker to reroute the funds. As a result, the perpetrator gained control of the compromised ETH cold wallet and transferred its holdings to an unknown address.

Bybit’s security team, working alongside blockchain forensic experts and industry partners, has launched a full-scale investigation to trace the stolen assets and identify those responsible. The exchange has also invited blockchain analytics and fund recovery specialists to assist in the effort.

In an official statement, Bybit reassured users that all other cold wallets remain secure and unaffected. The company emphasized that client funds are safe and operations continue without disruption.

“Transparency and security remain our top priorities,” Bybit stated. “We are committed to keeping our community informed and will provide updates as soon as possible.”

The breach underscores the increasing sophistication of cyberattacks targeting cryptocurrency infrastructure, even as exchanges strengthen their security measures. As investigations are ongoing, Bybit has yet to disclose the exact amount of ETH stolen or the full attack timeline.

Bybit’s swift response and industry-wide call for collaboration highlight the need for collective action to address emerging crypto threats. As the investigation progresses, further updates are expected.