Feb 24, 2025, 09:01 PM
https://vxdb.sh/content/images/size/w192...banner.jpg
At 2:16 PM UTC February 21st 2025, a routine transfer of 30,000 ETH was made from the ByBit Ethereum cold wallet to the ByBit Ethereum warm wallet. ByBit typically does this transfer every 2-3 weeks depending on the current balance of the ETH hot wallet. The warm wallet's balance was getting to a certain parameter which prompted for this transfer of funds from the cold wallet ETH reserve.
ByBit uses a multi signature wallet which is where multiple confirmation signatures need to be given in order for a transaction to be sent. This is a common security measure used by cold wallets or really any high value wallet. ByBit staff received the transaction that prompted to top up the ETH hot wallet through the Safe smart contract. Ben Zhou, CEO of Bybit, stated on a livestream "When we saw the transaction it was business as usual". Ben used his Ledger cold wallet as the last signer for the transaction after he double checked the destination address was correct in the Safe UI, as well as making sure the URL was the official 'Safe.global' site.
https://vxdb.sh/content/images/2025/02/S....02-PM.png
Sometime around 2:45PM UTC Ben Zhou received a phone call notifying him that the ByBit cold wallet had been drained.
In a tweet from Ben Zhou he states, "Bybit ETH multisig cold wallet just made a transfer to our warm wallet about 1 hr ago. It appears that this specific transaction was musked, all the signers saw the musked UI which showed the correct address and the URL was from Safe (Their cold wallet provider) . However the signing message was to change the smart contract logic of our ETH cold wallet. This resulted Hacker took control of the specific ETH cold wallet we signed and transferd all ETH in the cold wallet to this unidentified address."
A smart contract is a self-executing program on the blockchain that automatically enforces the set terms of an agreement without needing a middleman. Safe offers a multi-signature smart contract wallet on Ethereum. ByBit uses cold storage for their Ethereum reservers, which keeps the signing keys offline on something like a Ledger or Trezor, while managing assets securely through its smart contract-based wallet on Safe.
https://vxdb.sh/content/images/size/w100...AHwhj.jpeg
The signing message was able to change the logic, or the set terms of the smart contract for ByBits cold storage. The hacker took control of the ETH cold wallet and transferred all 400k ETH in the cold wallet to their own address.
Read Full here :- https://vxdb.sh/the-largest-crypto-heist-of-all-time/
At 2:16 PM UTC February 21st 2025, a routine transfer of 30,000 ETH was made from the ByBit Ethereum cold wallet to the ByBit Ethereum warm wallet. ByBit typically does this transfer every 2-3 weeks depending on the current balance of the ETH hot wallet. The warm wallet's balance was getting to a certain parameter which prompted for this transfer of funds from the cold wallet ETH reserve.
ByBit uses a multi signature wallet which is where multiple confirmation signatures need to be given in order for a transaction to be sent. This is a common security measure used by cold wallets or really any high value wallet. ByBit staff received the transaction that prompted to top up the ETH hot wallet through the Safe smart contract. Ben Zhou, CEO of Bybit, stated on a livestream "When we saw the transaction it was business as usual". Ben used his Ledger cold wallet as the last signer for the transaction after he double checked the destination address was correct in the Safe UI, as well as making sure the URL was the official 'Safe.global' site.
https://vxdb.sh/content/images/2025/02/S....02-PM.png
Sometime around 2:45PM UTC Ben Zhou received a phone call notifying him that the ByBit cold wallet had been drained.
In a tweet from Ben Zhou he states, "Bybit ETH multisig cold wallet just made a transfer to our warm wallet about 1 hr ago. It appears that this specific transaction was musked, all the signers saw the musked UI which showed the correct address and the URL was from Safe (Their cold wallet provider) . However the signing message was to change the smart contract logic of our ETH cold wallet. This resulted Hacker took control of the specific ETH cold wallet we signed and transferd all ETH in the cold wallet to this unidentified address."
A smart contract is a self-executing program on the blockchain that automatically enforces the set terms of an agreement without needing a middleman. Safe offers a multi-signature smart contract wallet on Ethereum. ByBit uses cold storage for their Ethereum reservers, which keeps the signing keys offline on something like a Ledger or Trezor, while managing assets securely through its smart contract-based wallet on Safe.
https://vxdb.sh/content/images/size/w100...AHwhj.jpeg
The signing message was able to change the logic, or the set terms of the smart contract for ByBits cold storage. The hacker took control of the ETH cold wallet and transferred all 400k ETH in the cold wallet to their own address.
Read Full here :- https://vxdb.sh/the-largest-crypto-heist-of-all-time/
![[Image: 128.gif]](https://i.ibb.co/hJ2HmDxK/128.gif)
