The biggest security incident in the crypto space: Panoramic link tracking analysis of the Bybit incident

At 11:20 pm on February 21, Beijing time, ZachXBT published a message that shocked the crypto industry: "A suspicious fund outflow of up to $1.46 billion was detected on Bybit". This incident has attracted widespread attention in the entire crypto field. According to the monitoring data of blockchain security compliance company Beosin Trace, Bybit did encounter an unprecedented security incident, resulting in the withdrawal of approximately $1.44 billion in funds. The stolen assets include:

401,347 ETH, worth $1.12 billion;

90,376 stETH, valued at $253.16 million;

15,000 cmETH, worth $44.13 million;

8,000 mETH, valued at $23 million.

Over $1.4 billion in ETH-related assets may be the largest amount stolen in a security incident in the history of the crypto field, which has further exacerbated market concerns about the price performance of ETH and the security of Bybit assets.

Hacker tactics and incident details

Subsequent investigations revealed the specific details of the Bybit attack. Bybit co-founder Ben Zhou immediately confirmed the incident, saying that Bybit's official cold wallet had been hacked and that he had begun to urgently deal with related security issues.

The Beosin security team analyzed that the attack method of this incident is similar to that of WazirX. Both of them deceived the multi-signature wallet through the front-end UI, causing it to sign malicious content and tampering with the logic of the multi-signature wallet to implement the contract, resulting in the funds in the multi-signature wallet being transferred out.

Beosin Trace has tracked that the funds are currently divided into groups of 10,000 ETH and deposited in more than 40 Ethereum addresses. All hacker addresses have been added to the Beosin tag library. Beosin KYT will issue an alert for all fund transfers involving hacker addresses.

After the Beosin security team analyzed the address from which the hacker launched the initial attack, it was found that the handling fee funds of the address came from Binance.

The corresponding 4 Binance exchange withdrawal transaction hashes are:

0x64953fc1432bf106f5e8d6b0927a39130865fec013d8403bba8fc4382515884c

0xb9f9e43dc23bdb7b231925dc01e828990d3f84b8ad3305e83ffb6848711f871c

0xd6d871deece52f15e3f2c523dffad4b85c63125d72e4de702445a654de5ce100

0x0afa81cc9c0b0bfc4a9cd46c33bcdecf58199513e7c051e5a9df1617c211f69f

Bybit’s response and actions

At 00:07 on the 22nd, Bybit co-founder Ben Zhou responded in a post: “Even if the losses caused by this hacker attack cannot be recovered, Bybit’s assets are still 1:1 guaranteed, and we can bear the losses.”

At 8:54 this morning, Bybit co-founder and CEO Ben Zhou posted on X platform: "Since the hack (10 hours ago), Bybit has experienced the most withdrawals we have ever experienced. We have received more than 350,000 withdrawal requests in total, and so far, there are about 2,100 withdrawal requests pending. Overall, 99.994% of withdrawal requests have been successfully completed. If your withdrawal has been completed, please leave a message here. Although we may have suffered the most serious hacker attack on any platform in history (including banking, encryption, and finance), all Bybit functions and products are still operating normally. The entire team stayed up all night to handle and answer customer questions and concerns. All staff are mobilized. Rest assured, we are with you."

At 10:51 am, Ben Zhou posted on X platform: "It has been 12 hours since the worst hack in history. All withdrawals have been processed. Our withdrawal system is now fully back to normal speed and you can withdraw any amount without any delay. Thank you for your patience and we are deeply sorry for this. Bybit will release a full incident report and security measures in the next few days. I will also personally inform everyone of any new updates. Thank you to our customers, friends and partners who helped and supported us during these painful 12 hours. The real work has just begun."

An industry wake-up call for safety issues

Bybit's experience reflects the vulnerability of the entire crypto industry in terms of security protection. The crypto asset market has always faced great security risks due to its decentralized nature and the operating model of the exchange itself. As the hub of crypto assets, the security issues of centralized exchanges are directly related to the asset security of users and the stability of the entire market.

In fact, security incidents in the crypto industry are not uncommon. Historically, many exchanges and platforms have experienced similar hacker attacks, or even more serious fund thefts. For example, the explosive incident of Mt. Gox, or the thefts of exchanges such as WazirX and KuCoin in recent years, have shaken the crypto market. The Bybit incident has once again sounded the alarm for the industry.

The hacker attack on Bybit is not only a technical lesson for the crypto platform, but also a profound warning to the entire crypto industry. The security of exchanges is directly related to the healthy development of the market, and all parties in the industry still have a lot of work to do in strengthening security protection and improving technical levels. For users, improving their risk awareness and choosing a more secure platform for trading will also be an important part of future digital asset investment that cannot be ignored.