As admitted by the exchange’s CEO, a UI spoofing attack allowed hackers to alter the smart contract and drain Bybit’s cold wallet.
Crypto exchange Bybit has suffered a security breach that reportedly led to the loss of approximately $1.4 billion in Ethereum (ETH) and stETH. The incident, initially reported by on-chain analyst ZachXBT, was later confirmed by the exchange, which provided details on the sophisticated nature of the attack.


According to Bybit CEO Ben Zhou, the attack was carried out through UI spoofing, a form of social engineering aimed at the people who approve transactions rather than at the wallet contract itself. The attackers manipulated the interface of the multisig wallet used for Bybit’s ETH cold storage, so that the wallet signers were shown a transaction approval screen that looked legitimate but did not match what their keys were actually signing. Because the signatures came from the legitimate signers, the multisig enforced its threshold exactly as designed; what it could not enforce was that the signers understood the transaction they were approving.
“The signers saw a manipulated interface that appeared to come from Safe,” Zhou explained, referring to the multisig wallet management platform. “In reality, they were unknowingly authorizing a modification to the smart contract logic of our ETH cold wallet, allowing hackers to gain full control and steal over a billion dollars in funds.”
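The check below is an added example, not code from the article or from Safe or Bybit. It illustrates the control that a spoofed signing screen defeats: compare the summary the screen shows ("send this amount to this recipient") against the raw fields the key is actually asked to sign, and refuse unless they agree. The field names and the operation values follow the general Safe `execTransaction` convention (0 = call, 1 = delegatecall) and the ERC-20 `transfer(address,uint256)` selector is the standard one; every address and the three sample transactions are constructed placeholders and are not a reconstruction of the Bybit transaction.

```python
from dataclasses import dataclass
from typing import Optional

# Safe-style 'operation' values (general Safe semantics, not taken from the article).
CALL, DELEGATECALL = 0, 1
# 4-byte selector of ERC-20 transfer(address,uint256).
ERC20_TRANSFER = bytes.fromhex("a9059cbb")


@dataclass(frozen=True)
class RawTx:
    """The fields the signer's key is actually asked to sign."""
    to: str
    value: int          # wei
    data: bytes
    operation: int


@dataclass(frozen=True)
class UiSummary:
    """What the signing screen claims: 'send AMOUNT to RECIPIENT' (native ETH if token is None)."""
    recipient: str
    amount: int
    token: Optional[str] = None


def same_addr(a: str, b: str) -> bool:
    return a.lower() == b.lower()


def decode_erc20_transfer(data: bytes) -> tuple:
    """Decode transfer(address,uint256) calldata; raise if it is anything else."""
    if len(data) != 68 or data[:4] != ERC20_TRANSFER:
        raise ValueError("calldata is not an ERC-20 transfer(address,uint256) call")
    recipient = "0x" + data[4 + 12:36].hex()      # address is right-aligned in a 32-byte word
    amount = int.from_bytes(data[36:68], "big")
    return recipient, amount


def check_before_signing(ui: UiSummary, raw: RawTx, allowlist: set) -> list:
    """Return the reasons not to sign; an empty list means the raw fields match the screen."""
    findings = []
    if raw.operation != CALL:
        findings.append(f"operation={raw.operation}: only CALL (0) is allowed; "
                        "a DELEGATECALL runs foreign code in the wallet's own context")
    if not any(same_addr(ui.recipient, a) for a in allowlist):
        findings.append(f"recipient {ui.recipient} is not on the allowlist")
    if ui.token is None:
        # Plain ETH transfer: value goes straight to the recipient and there is no calldata.
        if not same_addr(raw.to, ui.recipient):
            findings.append(f"destination {raw.to} differs from displayed recipient {ui.recipient}")
        if raw.value != ui.amount:
            findings.append(f"value {raw.value} differs from displayed amount {ui.amount}")
        if raw.data:
            findings.append("calldata present on what the screen shows as a plain ETH transfer")
    else:
        # Token transfer: the call targets the token contract; the recipient sits in calldata.
        if not same_addr(raw.to, ui.token):
            findings.append(f"destination {raw.to} is not the displayed token contract {ui.token}")
        if raw.value != 0:
            findings.append(f"token transfer should carry no ETH value, got {raw.value}")
        try:
            rcpt, amt = decode_erc20_transfer(raw.data)
        except ValueError as exc:
            findings.append(str(exc))
        else:
            if not same_addr(rcpt, ui.recipient):
                findings.append(f"calldata recipient {rcpt} differs from displayed {ui.recipient}")
            if amt != ui.amount:
                findings.append(f"calldata amount {amt} differs from displayed {ui.amount}")
    return findings


# Constructed sample data: placeholder addresses, not real contracts or wallets.
HOT_WALLET = "0x" + "11" * 20
TOKEN = "0x" + "22" * 20
UNKNOWN_CONTRACT = "0x" + "33" * 20
ALLOWLIST = {HOT_WALLET}


def erc20_transfer_calldata(recipient: str, amount: int) -> bytes:
    return ERC20_TRANSFER + bytes.fromhex(recipient[2:]).rjust(32, b"\0") + amount.to_bytes(32, "big")


def legit_case() -> list:
    ui = UiSummary(recipient=HOT_WALLET, amount=10**18)
    raw = RawTx(to=HOT_WALLET, value=10**18, data=b"", operation=CALL)
    return check_before_signing(ui, raw, ALLOWLIST)


def spoofed_case() -> list:
    # The screen says "1 ETH to the hot wallet"; the bytes presented for signing say
    # "delegatecall into an unknown contract": the kind of mismatch a spoofed UI hides.
    ui = UiSummary(recipient=HOT_WALLET, amount=10**18)
    raw = RawTx(to=UNKNOWN_CONTRACT, value=0,
                data=bytes.fromhex("deadbeef") + b"\0" * 32, operation=DELEGATECALL)
    return check_before_signing(ui, raw, ALLOWLIST)


def token_case() -> list:
    ui = UiSummary(recipient=HOT_WALLET, amount=5000, token=TOKEN)
    raw = RawTx(to=TOKEN, value=0, data=erc20_transfer_calldata(HOT_WALLET, 5000), operation=CALL)
    return check_before_signing(ui, raw, ALLOWLIST)


if __name__ == "__main__":
    for name, fn in [("legit", legit_case), ("spoofed", spoofed_case), ("token", token_case)]:
        print(name, fn() or "OK to sign")
```

The point of the design is where the raw fields come from: they must be read from the signing device or from an independent decoder, never from the same web page that produced the summary, otherwise a compromised interface controls both sides of the comparison. The spoofed case fails on four counts (operation, destination, value, unexpected calldata), and any one of them should be enough to stop a signer.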
Zhou said that all other cold wallets remain secure and that withdrawals are operating normally. The exchange is working with security experts to trace the stolen funds.