« Reports in 2025 »

779 reports

2025-02-23 • Checkpoint

Check Point analyzed the February 2025 Bybit theft in which attackers compromised an offline Ethereum wallet and stole roughly $1.5 billion in digital assets. The attack abused signer trust rather than a smart contract flaw: multisig participants were sho…

#Bybit
2025-02-22 • Arkm

Arkham reports that Bybit's ETH cold wallet lost roughly $1.5 billion in ETH, stETH, mETH, and cmETH after a fraudulent transaction was signed during a scheduled cold-wallet migration. The attacker moved 401K ETH, 90.4K stETH, 8,000 mETH, and 15,000 cmETH…

#Bybit
2025-02-22 • Rekt

Rekt describes the Bybit theft as a compromise of the exchange’s Ethereum cold-wallet signing process that drained roughly 401,346 ETH, 90,375 stETH, 15,000 cmETH, and 8,000 mETH. The attackers presented signers with a legitimate-looking Safe interface wh…

#Bybit
2025-02-22 • David

The Bybit attack used a trojan contract and a backdoor contract to turn a signed transaction into a malicious upgrade of an upgradeable Safe multisig cold wallet. Signers were tricked into authorizing a zero-token ERC-20 transfer to an unlisted contract, …

#Bybit