The cryptocurrency exchange Bybit confirmed on Friday that a sophisticated security breach resulted in the theft of approximately 401,346 Ethereum (ETH) from one of its offline cold wallets. The stolen assets, valued at roughly $1.4 billion at the time of the incident, represent the largest single crypto theft in history, surpassing previous high-profile breaches.
A Historic Breach in Digital Assets
Bybit CEO and co-founder Ben Zhou disclosed the details during a livestream, explaining that attackers managed to compromise a cold wallet—a storage solution typically disconnected from the internet—and successfully transferred the funds to an online “warm” wallet. The incident has sent shockwaves through the industry, with security researchers including ZachXBT and the firm Elliptic confirming the staggering scale of the loss.
To put the magnitude into perspective, this single hack accounts for more than half of the total $2.2 billion in crypto stolen throughout the entire year of 2024, according to data from Chainalysis. Experts note that this event may qualify as the largest single theft of all time, exceeding the infamous $1 billion central bank heist in Iraq.
Comparative Scale of Crypto Losses
The industry has previously grappled with massive security failures, such as the Ronin Network and Poly Network hacks, which resulted in losses of $624 million and $611 million, respectively, as tracked by Rekt. The Bybit breach effectively doubles those figures, setting a grim new benchmark for web3 security vulnerabilities.
Exchange Solvency and Future Outlook
Despite the severity of the loss, Bybit leadership maintains that the exchange remains stable. Zhou stated on X that the company is “solvent” and possesses the necessary capital to cover the shortfall, even if the stolen funds are never recovered. As of last week, the Dubai-based exchange held an estimated $16 billion in total assets, according to CoinMarketCap.
The company continues to address the fallout of the attack, with official communications emphasizing their commitment to maintaining platform integrity despite the unprecedented financial impact.