Massive $1.4B ETH, stETH Exodus From Bybit Sparks Security Concerns

Onchain Experts Report $1B+ Outflow From Bybit in Latest Security Incident

The incident saw $1.4 billion in ETH and stETH funds exit the exchange as the assets were quickly moved to new addresses where parts of the holdings were already allegedly sold. Notably, approximately $200 million stETH was sold, raising concerns among market participants. ZachXBT reported that mETH and stETH are currently being swapped on decentralized exchanges ( DEX) for ETH, suggesting coordinated activity in response to the breach.

ZachXBT, whose “sources confirm it as a security incident,” urged exchanges and related services to blacklist several addresses across all EVM chains, including the primary address 0x47666Fab8bd0Ac7003bce3f5C3585383F09486E2. The swift movement of funds and immediate sale of portions has prompted ongoing monitoring and further updates as new information becomes available. Bybit’s CEO also confirmed the breach.

“Bybit ETH multisig cold wallet just made a transfer to our warm wallet about 1 hr ago,” Ben Zhou noted on Friday. “It appears that this specific transaction was musked, all the signers saw the musked UI which showed the correct address and the URL was from @safe. However, the signing message was to change the smart contract logic of our ETH cold wallet.” Bybit’s CEO Zhou added:

This [resulted in the hacker taking control] of the specific ETH cold wallet we signed and transferred all ETH in the cold wallet to this unidentified address. Please rest assured that all other cold wallets are secure. All withdrawals are NORMAL. I will keep you guys posted as more develops, If any team can help us to track the stolen fund will be appreciated.

In another post, ZachXBT said “The attacker just split 10K ETH to 39 addresses. If you are an exchange or service who follows my channel blacklist these addresses on all EVM chains”