Reports suggest that the attackers manipulated the transaction process, specifically targeting the signing interface. By altering the underlying smart contract logic, they were able to redirect the funds to their own addresses while presenting seemingly legitimate transaction details to Bybit's security systems.

Bybit's CEO, Ben Zhou, has confirmed the breach and assured users that the exchange remains financially stable, with sufficient reserves to cover the losses.

The company is collaborating with blockchain forensic experts to trace the stolen funds and is investigating the root cause of the attack, focusing on potential vulnerabilities in the Safe.global platform, which was used for Bybit’s Ethereum cold wallet. While Bybit has stated that other wallets remain secure, the incident underscores the ongoing security challenges faced by cryptocurrency exchanges, even those employing advanced protective measures like cold storage. The breach has led to a surge in customer withdrawal requests, but Bybit reports that all requests are being processed. The company is also working closely with law enforcement in efforts to recover the stolen assets.

Sources and related content.