Bybit faces US$5.5 billion in outflows after US$1.5 billion hack, sparking debate over blockchain security and governance

Bybit, one of the largest cryptocurrency exchanges, suffered a US$1.5bn security breach that has since triggered US$5.5bn in outflows.
While the scale of the hack is clear, according to The Canadian Press, attention has now shifted to how it happened and what it reveals about broader security flaws in crypto storage solutions.
How the Hack Occurred
The attack, as first reported by Bybit and covered by The Canadian Press, occurred when hackers manipulated a routine Ethereum transfer, diverting funds to an unidentified address.
Initial investigations suggest the exploit targeted multi-signature (multi-sig) cold wallets, a method long considered a secure way to store digital assets.
According to Forbes, the attack leveraged vulnerabilities in Safe, a decentralized custody protocol that allows exchanges to maintain security through smart contract wallets.
Bybit CEO Ben Zhou confirmed that approximately 70 percent of its Ethereum holdings were compromised.
The attackers reportedly used a sophisticated technique that manipulated call data, replacing Safe’s implementation with a compromised version that enabled unauthorized transactions.
Binance co-founder Changpeng Zhao (CZ) and other industry experts pointed to North Korea’s Lazarus Group as a likely culprit, citing the group’s history of major exchange hacks.
Forbes reported that the attackers altered Bybit’s front-end interface to display a legitimate transaction while signing a different, malicious one behind the scenes—an increasingly common tactic in crypto heists.
The Security Implications
The breach has exposed significant weaknesses in multi-sig cold storage solutions.
CZ and security experts from Ledger and Fireblocks have warned that multi-sig wallets, while widely used, are increasingly vulnerable to sophisticated exploits.
Forbes detailed how attackers no longer need to breach a single entity; instead, they exploit transaction visibility gaps in multi-sig systems.
Pascal Gauthier, CEO of Ledger, told Forbes, “These hacks are preventable, and enterprise-grade security is necessary for large transactions.”
He emphasized the importance of Clear Signing, a verification process that allows users to fully review transaction details before signing. Without this, attackers can manipulate transaction data undetected.
Fireblocks also recommended that exchanges move from multi-sig wallets to Distributed Multi-Party Computation (MPC) wallets, which fragment key access across multiple entities. This approach reduces the risk of a single compromised key leading to a complete breach.
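An added example, not code from the article, Bybit, Safe or Ledger: a pre-signing check in the spirit of the Clear Signing recommendation above. It decodes the raw fields of a Safe-style transaction (`to`, `value`, `data`, `operation`) and approves signing only if they reproduce the transfer the interface displayed. The `Transfer` shape, the function names and the sample addresses are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

CALL, DELEGATECALL = 0, 1                    # Safe's Enum.Operation values
ERC20_TRANSFER = bytes.fromhex("a9059cbb")   # selector of transfer(address,uint256)

@dataclass(frozen=True)
class Transfer:          # hypothetical shape: what the UI showed, or what we decoded
    recipient: str
    amount: int
    token: Optional[str] = None   # None means native ETH

@dataclass(frozen=True)
class SafeTx:            # the payload fields that determine where funds go
    to: str
    value: int
    data: bytes
    operation: int

def erc20_transfer_data(recipient: str, amount: int) -> bytes:
    """Build transfer(address,uint256) call data (used for the sample inputs)."""
    return ERC20_TRANSFER + bytes(12) + bytes.fromhex(recipient[2:]) + amount.to_bytes(32, "big")

def decode(tx: SafeTx) -> Transfer:
    """Recover the transfer from the raw fields; raise if it is anything else."""
    if tx.operation != CALL:
        raise ValueError("operation is not a plain call (delegatecall runs foreign code as the wallet)")
    if not tx.data:
        return Transfer(tx.to.lower(), tx.value)
    if tx.data[:4] == ERC20_TRANSFER and len(tx.data) == 68 and tx.value == 0:
        if any(tx.data[4:16]):
            raise ValueError("non-zero padding in address argument")
        return Transfer("0x" + tx.data[16:36].hex(), int.from_bytes(tx.data[36:], "big"), tx.to.lower())
    raise ValueError("call data is not a recognised transfer")

def check_before_signing(shown: Transfer, tx: SafeTx):
    """Return (ok, reason); ok only if the payload decodes to exactly what was shown."""
    try:
        actual = decode(tx)
    except ValueError as err:
        return False, str(err)
    expected = Transfer(shown.recipient.lower(), shown.amount, shown.token and shown.token.lower())
    if actual != expected:
        return False, f"payload sends {actual.amount} to {actual.recipient}, UI showed {expected.amount} to {expected.recipient}"
    return True, "payload matches the displayed transfer"

# Constructed sample addresses (not real accounts)
HOT_WALLET, OTHER, TOKEN = "0x" + "11" * 20, "0x" + "22" * 20, "0x" + "33" * 20
SHOWN = Transfer(HOT_WALLET, 10**18)
print(check_before_signing(SHOWN, SafeTx(HOT_WALLET, 10**18, b"", CALL)))
print(check_before_signing(SHOWN, SafeTx(OTHER, 0, erc20_transfer_data(HOT_WALLET, 1), DELEGATECALL)))
```

The check is only useful if it runs somewhere the front end cannot influence, such as the signing device or a separate verification host.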
Bybit’s Response and Liquidity Crisis
Bybit’s response was swift but not without challenges. CoinDesk reported that the exchange saw a rush of withdrawal requests, with total assets dropping from US$16.9bn to US$11.2bn.
While Ethereum was the primary target of the attack, stablecoins became the most withdrawn asset as users sought to secure their funds.
Compounding the crisis, Safe temporarily disabled its smart wallet functionalities, locking US$3bn of Bybit’s USDT reserves.
Zhou revealed in an X Spaces session that his team had to manually verify transactions using a custom-built system based on Etherscan to process withdrawals.
The exchange ultimately secured additional liquidity to cover outflows, but not before facing what Zhou described as a “50 percent bank run.”
Calls for an Ethereum Rollback
The hack has reignited debates about blockchain immutability. CoinDesk reported that Bybit engaged Singaporean authorities and blockchain analysis firms like Chainalysis in an effort to recover the stolen funds.
Zhou confirmed that his team even explored the possibility of rolling back the Ethereum blockchain, a suggestion made by BitMEX co-founder Arthur Hayes.
“I had my team talking to Vitalik and the Ethereum Foundation to see if there’s any recommendations they can offer to help,” Zhou said.
While technically possible, a rollback would require broad consensus and could lead to a contentious hard fork, splitting the Ethereum network.
Industry-Wide Security Reassessment
The Bybit hack has forced exchanges to reevaluate their security measures. Forbes reported that security firms are now pushing for more rigorous transaction verification, stronger governance frameworks, and reduced reliance on exchange-controlled wallets.
One key recommendation is the adoption of off-exchange trading solutions. Fireblocks’ Off Exchange Settlement model, for example, allows institutions to trade while keeping assets in segregated collateral accounts rather than vulnerable hot wallets.
Similarly, Ledger’s Tradelink platform minimizes exposure by securing assets in off-exchange environments.
The Recovery Bounty and Future Outlook
Bybit has since launched a US$140m bounty program, pledging 10 percent of any recovered funds to cybersecurity experts. In its press release, the exchange called for collaboration within the crypto industry to track and recover the stolen assets.
Zhou stated, “We have shared in a dark moment of crypto history, and we’ve proven we are better than the malicious actors.”
Despite the scale of the attack, Bybit remains operational, and its leadership is working to rebuild trust.
However, the incident has underscored the growing sophistication of crypto hacks and the need for a fundamental shift in security practices. If exchanges do not adapt, they risk becoming the next target.