By Giuseppe Ciccomascolo
Key Takeaways
Bybit reported a breach involving one of its ETH cold wallets, triggered by a manipulated transfer.
In response to the breach, Bybit has assured its users that the rest of its cold wallets remain secure and that client funds are safe.
This week, a former payroll executive was sentenced to nearly 10 years in prison after embezzling $5.7 million from Bybit.
Bybit reported a security breach involving one of its ETH cold wallets, in which a sophisticated attack stole funds.
The exchange assured users that other cold wallets remain secure and funds are unaffected as they investigate the incident.
It already made headlines this week as a former executive received a 10-year sentence after embezzling money from the exchange.
Bybit Reports Unauthorized Activity on ETH Cold Wallet
Bybit has reported a breach involving one of their ETH cold wallets. The platform stated that the issue started when a “sophisticated attack” manipulated a routine transfer from their ETH multisig cold wallet to their warm wallet.
The exchange stated, “The incident occurred when our ETH multisig cold wallet executed a transfer to our warm wallet.”
“Unfortunately, this transaction was manipulated through a sophisticated attack that masked the signing interface, displaying the correct address while altering the underlying smart contract logic,” it added.
This manipulation allowed the attacker to gain control of the wallet and ultimately transfer the funds to an unidentified address.
The attack exploited vulnerabilities in the smart contract logic despite the correct address appearing, highlighting the increasing complexity of blockchain-related cyber threats.
Bybit’s Response
In response to the breach, Bybit has taken immediate action. “Our security team, alongside leading blockchain forensic experts and partners, is actively investigating the incident,” the exchange assured its community.
The company also invited collaboration from other teams, stating, “Any teams with expertise in blockchain analytics and fund recovery who can assist in tracing these assets are welcome to collaborate with us.”
Importantly, Bybit has assured users that the attack did not impact the overall security of its platform.
“We want to assure our users and partners that all other Bybit cold wallets remain fully secure. All client funds are safe, and our operations continue as usual without any disruption.”
Bybit emphasized that transparency and security are central to its operations, adding, “Transparency and security remain our top priorities, and we will provide updates asap.”
The exchange remains and will provide ongoing updates as the investigation progresses.
Former Executive Sentenced 10 Years
Bybit made headlines this week when a former payroll executive, Ho Kai Xin, was sentenced to nearly 10 years in prison for embezzling nearly $5.7 million to fund a lavish lifestyle.
Ho, who managed payroll for the crypto exchange, pleaded guilty to multiple charges, including cheating and criminal conduct.
She began diverting funds in May 2022 by manipulating Excel files to authorize payments to herself. Then, she transferred hundreds of thousands each month.
Ho laundered over $4.3 million into luxury goods, cars, and real estate.
Despite the court ordering her to forfeit her assets in 2023, she continued spending until authorities arrested her in April 2023.
Bybit managed to recover $1.2 million in stolen funds.
Ho’s case is one of Singapore’s highest-profile crypto fraud convictions.
