Bybit – What Do We Know So Far

2025-03-17, Sygnia
https://www.sygnia.co/blog/sygnia-investigation-bybit-hack/
#Bybit #SafeWallet

The February 2025 Bybit hack exposed critical security gaps across multiple domains. This summary compiles findings from various investigations, shedding light on the attackers’ tactics, industry-wide risks, and key lessons to enhance crypto security.
Background
On Friday, February 21, 2025, Bybit detected unauthorized activity involving Bybit’s Ethereum (ETH) cold wallets. The incident occurred when an ETH multisig transaction was facilitated through Safe{Wallet} from a cold wallet to a warm wallet, during which the attackers intervened and manipulated the transaction.
Since the heist, multiple teams, including Sygnia, have analyzed this attack from various angles, releasing statements and reports.
This paper summarizes what is currently known about this incident, highlights what remains undisclosed, and provides key lessons from the attack.
Key Insights
- The Bybit attack demonstrated a sophisticated, multi-stage approach which ultimately allowed the threat actor to take control of Bybit’s cold wallet and siphon funds.
- During the attack, the …