Crypto enthusiast on $1.46B Bybit breach: Bybit team was 'linked to a phishing website and signed a malicious transaction'

Ben Zhou, CEO of Bybit | X

Tanz0rz, a cryptocurrency enthusiast, reported that team members behind Bybit, a cryptocurrency exchange platform, were allegedly linked to a phishing website and unknowingly signed a malicious transaction. This led to unauthorized activity in one of the exchange’s Ethereum (ETH) cold wallets. The statement was made on X on February 21.

"The Bybit team members were linked to a phishing website and signed a malicious transaction," said Tanz0rz, Crypto Enthusiast. "Double checking the wallet address on your hardware wallet should be standard practice. no matter how compromised your system is, double checking the wallet address *on your hardware wallet* should be standard practice when signing something for a wallet holding hundreds of millions (billions?) of dollars."

According to an X post discussing Bybit's announcement, the security breach involved the compromise of an Ethereum cold wallet, resulting in over $1.46 billion in stolen assets. The incident has prompted discussions within the cryptocurrency community regarding the reliability of cold storage and multisignature wallet systems. Attackers reportedly bypassed security by deceiving human signers rather than exploiting code flaws, according to the co-founder of Polynomial on X.

Blockchain analyst ZachXBT reported suspicious outflows from Bybit, marking it as the largest single cryptocurrency hack in history. The stolen assets included 401,347 ETH alongside mETH and stETH, which were converted to ETH on decentralized exchanges. Estimates circulating on X suggest that this hack accounts for roughly 16% of all prior crypto hacks combined, surpassing the previous record set by the $620 million Ronin Network breach in March 2022.

Bybit suspended withdrawal and custody services in France on January 8, 2025, following regulatory pressure from the Autorité des Marchés Financiers (AMF), which had blacklisted the exchange in 2022 for operating without a Digital Asset Service Provider (DASP) license. Bybit was later removed from the AMF blacklist and resumed operations in France on February 14, 2025—just a week before a $1.46 billion hack targeted its Ethereum cold wallet on February 21. Meanwhile, India’s Financial Intelligence Unit regulations led Bybit to restrict trading while allowing withdrawals. This reflects a broader trend of exchanges scaling back in markets with complex Virtual Digital Asset rules, according to Bybit's website.

Tanz0rz is known for his critical takes on industry news and regulatory developments within the crypto space. He joined X in July 2020 and frequently discusses topics related to blockchain security, Ethereum, and Bitcoin.

Founded in March 2018 and registered in the British Virgin Islands, Bybit is a leading cryptocurrency derivatives exchange headquartered in Singapore. By early 2025, it managed over $20 billion in assets and provided trading services for Bitcoin, Ethereum, and other digital assets globally. Despite regulatory challenges, including a $1.06 million fine in India for non-compliance in January 2025, the exchange continues to expand its operations, according to Regulation Asia.
