Here’s How the Bybit Hacker Stole $1.5B Worth of Ethereum
The recent $1.5 billion Bybit hack raised serious security issues, and reports confirmed that the attackers used a highly sophisticated approach to draining millions of dollars of crypto assets. Crypto analyst David Leung’s detailed breakdown of the attack method reveals the main mistakes in Bybit’s security.
Bybit is a centralized exchange for crypto transactions. The hackers got past its signers through “blind signing”, a way of approving transactions without looking at all of their details. The attacker compromised Bybit’s ETH cold wallet, transferring nearly $1.5 billion of assets into one wallet and then scattering it across multiple wallets. Funds drained from one of the most secure kinds of platform reveal the true nature of crypto assets: there is no unified law against international crime, so Bybit will have a hard time recovering the losses. In this case, Bybit announced a 50,000 ARKM bounty to support further investigation.
Let’s see what’s going on and how to keep it protected.
Now that we know who's behind the @Bybit_Official attack. Let's look at how the hack actually worked.
At a high level, the hack involved 4 broad groups of events:
1. Attacker deployed a trojan contract and a backdoor contract.
2. Attacker tricked signers of the upgradeable… pic.twitter.com/5repcdcsDB
— David | crypto/acc (@dhkleung) February 21, 2025
How did the attack happen
The hacker deployed a Trojan contract together with a backdoor contract, setting a trap for Bybit’s upgradeable multisig wallet. They tricked the wallet’s signers into authorizing a seemingly harmless ERC-20 token transfer. However, this transaction contained a delegate call, which allowed them to change the core logic of the contract. Rather than a simple transfer, the attacker used the Trojan contract to replace the wallet’s core (master) contract with their own backdoor contract, giving them complete control.
Once in control, the hacker executed commands to sweep all available ETH, mETH, stETH and cmETH tokens from the wallet. Interestingly, the backdoor contract does just two things: send ETH and send ERC-20 tokens to an address of the attacker’s choice. This allowed them to drain funds quickly, before Bybit could react.
Security red flags were ignored
Leung further pointed out several red flags that should have stopped the transaction. First, the transfer referenced an unlisted contract that was not ERC-20 compliant, involved zero tokens, and used a delegate call that changed the contract’s logic. Each of these should have triggered compliance checks, yet the transaction was still approved. The fact that these security measures failed suggests the attacker had inside knowledge of Bybit’s operations.
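The three red flags above (and the delegate-call mechanism described in the previous section) can be turned into an automated pre-signing policy check. The following is an added example, not code from the article, Bybit or any wallet vendor; it assumes a Safe-style transaction layout (to, value, data, operation with 0 = CALL and 1 = DELEGATECALL), and every address and payload in it is a constructed placeholder.

```python
# Pre-signing policy check for a multisig transaction proposal (added example).
# Assumes the Safe-style execTransaction layout: to, value, data, operation,
# where operation 0 = CALL and 1 = DELEGATECALL. All values are constructed.

ERC20_TRANSFER_SELECTOR = "a9059cbb"  # keccak256("transfer(address,uint256)")[:4]

def decode_erc20_transfer(data_hex: str):
    """Return (recipient, amount) if data encodes transfer(address,uint256), else None."""
    data = data_hex.lower()
    data = data[2:] if data.startswith("0x") else data
    if len(data) != 8 + 64 + 64 or not data.startswith(ERC20_TRANSFER_SELECTOR):
        return None
    recipient = "0x" + data[8 + 24:8 + 64]   # address sits right-aligned in a 32-byte word
    amount = int(data[8 + 64:8 + 128], 16)
    return recipient, amount

def check_transaction(tx: dict, allowed_contracts: set) -> list:
    """Return human-readable red flags; an empty list means the proposal passed."""
    flags = []
    if tx["operation"] == 1:
        flags.append("DELEGATECALL: target code would run with the wallet's own storage")
    if tx["to"].lower() not in {a.lower() for a in allowed_contracts}:
        flags.append(f"target {tx['to']} is not an allowlisted contract")
    decoded = decode_erc20_transfer(tx["data"])
    if decoded is None:
        flags.append("calldata is not a plain ERC-20 transfer(address,uint256)")
    elif decoded[1] == 0:
        flags.append("ERC-20 transfer of zero tokens serves no purpose here")
    return flags

# Constructed placeholders, not real contract addresses.
KNOWN_TOKEN = "0x" + "11" * 20        # a listed token contract
UNKNOWN_CONTRACT = "0x" + "22" * 20   # an unlisted contract
TREASURY = "33" * 20                  # recipient address without 0x prefix

BENIGN_TX = {"to": KNOWN_TOKEN, "value": 0, "operation": 0,
             "data": "0x" + ERC20_TRANSFER_SELECTOR + TREASURY.rjust(64, "0")
                     + format(10**18, "064x")}
SUSPICIOUS_TX = {"to": UNKNOWN_CONTRACT, "value": 0, "operation": 1,
                 "data": "0x" + ERC20_TRANSFER_SELECTOR + TREASURY.rjust(64, "0")
                         + format(0, "064x")}

if __name__ == "__main__":
    for name, tx in (("benign", BENIGN_TX), ("suspicious", SUSPICIOUS_TX)):
        print(name, check_transaction(tx, {KNOWN_TOKEN}) or ["no red flags"])
```

A check like this belongs in an independent layer that runs before signers see the proposal, so that a blind-signed payload cannot reach the wallet unexamined.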
Can this be avoided?
David stressed that stronger, independent security checks before and after signing could have prevented the attack. If an independent security layer had reviewed the transaction, it could have identified the suspicious elements before approval. This incident highlights the increasing complexity of crypto attacks and the urgent need for better security protocols across the industry.