The price of coins fell on Friday after confirmation that the major central crypto exchange Bybit had been hacked. $1.4 billion in tokens was stolen.
More than $1.4 billion worth of Ethereum (ETH) and stETH were withdrawn from Bybit's hot wallet on Friday, and a large chunk of the funds were being sold via decentralized exchanges.
Ben Zhou (co-founder and CEO of Bybit) confirmed the incident in a blog post published on X, formerly Twitter. Zhou said that a scheduled transfer had been manipulated somehow. The funds involved were also stolen.
"However, the signing message was to change the smart contract logic of our ETH cold wallet," Zhou, said "[The] hacker took control of the specific ETH cold wallet we signed and transferred all ETH in the cold wallet to this unidentified address."
"All other cold wallets are secure. All withdraws are NORMAL," Zhou has been added.
Ethereum’s price has fallen by nearly 3 percent in an hour. It is currently $2,727. Bitcoin has also dropped to $98,091.
Ahead of Zhou's post, noted pseudonymous security researcher ZachXBT wrote in his Telegram channel that there were "suspicious outflows" Bybit, and a reliable source told him it was an a "security incident."
Since then, he has said that ETH funds are being spread across 39 different accounts as the attacker tries to confuse their flow in order to make the funds harder to track.
"Bybit detected unauthorized activity involving one of our ETH cold wallets," The exchange is written in X. "The incident occurred when our ETH multisig cold wallet executed a transfer to our warm wallet. Unfortunately, this transaction was manipulated through a sophisticated attack that masked the signing interface, displaying the correct address while altering the underlying smart contract logic. As a result, the attacker was able to gain control of the affected ETH cold wallet and transfer its holdings to an unidentified address."
Zhou assured the public and industry shortly after that it would be able deal with the loss.
"Bybit is solvent even if this hack loss is not recovered," He has written. "All of clients' assets are 1-to-1 backed, we can cover the loss."
Editor's note: This story is developing and will be updated with additional details.
