In talk with Wu Blockchain podcast, Bybit CEO Ben Zhou discussed the hack and what exactly happened during a cold-to-hot wallet transfer between 9:30 and 10:00 AM Singapore Time (UTC+8). Zhou informed that the exchange performs cold-to-hold wallet transfer very two or three weeks to manage liquidity.
Multi-Signature Protocol and Transaction Approval Process Explained
Bybit has employed Safe (formerly known as Gnosis Safe) as its multi-signature solution for Ethereum cold wallets, which requires approvals from multiple authorized signatories. Zhou, is the last person that approves the transactions on the exchange.
According to Zhou, in a broadcast, he mentioned that he followed the standard procedure. He verified the transaction through Safe’s official URL and confirmed that the destination address matched Bybit’s hot wallet. After signing with a ledger hardware wallet, Zhou noted a critical issue: the Ledger screen displayed raw transaction code rather than a clear destination address.
Although he reviewed some of the code, he did not conduct a thorough examination of all details necessary to ensure the transaction was legitimate as per Wu Blockchain.
Exploit Timeline and Immediate Aftermath
Within 30 minutes of signing, Bybit’s security team received an emergency report that the cold wallet had been emptied. Blockchain analysts later revealed that hackers manipulated the transaction interface to display a legitimate transaction while executing a malicious one behind the scene.
The breach is currently being linked to North Korea’s Lazarus Group, known for carrying out such high profile crypto hacks and thefts.
In response to the hack, Zhou immediately stopped withdrawals and initiated an investigation along with cybersecurity firms to assess the damage. He also worked on securing the remaining assets.
Bybit has since secured bridge loans to restore its Ethereum reserves and is working closely with law enforcement agencies to track the stolen funds.
Quick Recap of the Hack
On February 21, 2025, Bybit CEO Ben Zhou confirmed that the cryptocurrency exchange suffered a significant security breach, which led to a theft of approximately 401,347 ETH, valued at approximately $1.5 billion.
Also Read: Bybit’s $1.5B Hack: Bitget Steps in as a ‘White Knight”
