The cryptocurrency industry witnessed its largest theft ever on February 21, 2025, when attackers drained approximately 401,347 ETH — worth roughly $1.4 billion at the time — from Bybit’s cold wallet infrastructure. Within 24 hours, Bybit responded by launching a Recovery Bounty Program offering up to $140 million in rewards, marking the most aggressive bounty initiative the crypto space has ever seen. With Bitcoin trading at approximately $96,577 and Ethereum around $2,764 at the time of the announcement, the sheer scale of the exploit sent shockwaves through markets already on edge.
The Exploit Mechanics
The attack relied on what security researchers call a “blind signing exploit.” On February 19, two days before the actual theft, attackers deployed a malicious smart contract that lay dormant, waiting for the right moment. When Bybit operators initiated a routine ETH transfer from their Safe (formerly Gnosis Safe) multisig wallet to a warm wallet on February 21 at approximately 11:30 AM UTC, they were presented with transaction data that appeared entirely legitimate on the front-end interface. The underlying reality was starkly different. The malicious contract replaced the intended transfer with one that routed funds directly to attacker-controlled addresses. Because the operators were using blind signing — approving transactions without full visibility into what the smart contract would actually execute — the exploit succeeded despite multiple authorized signers approving the transfer.
Once the attack was triggered, approximately 401,347 ETH along with additional tokens were rapidly drained across dozens of wallets in a carefully orchestrated laundering operation. Bybit CEO Ben Zhou confirmed the breach publicly around 1:00 PM UTC, roughly 90 minutes after the first suspicious outflows were detected internally. Over the following 48 hours, more than 580,000 user withdrawal requests were processed as Bybit scrambled to secure bridge loans and maintain liquidity.
Affected Systems
The exploit specifically targeted Bybit’s Ethereum cold storage infrastructure managed through Safe multisig wallets. This is the same class of vulnerability that was identified in other recent exchange breaches, including the Phemex and WazirX hacks. Binance co-founder Changpeng Zhao (CZ) noted on February 22 that multisig wallets have become a common denominator in the largest recent thefts, suggesting a systemic weakness rather than an isolated incident at Bybit. The affected systems all shared a critical vulnerability: reliance on interface-level transaction verification without cryptographic guarantees that the displayed transaction matched the actual on-chain execution.
The Mitigation Strategy
Bybit’s Recovery Bounty Program, launched at 15:32 UTC on February 22, offers a 10% reward on any successfully frozen or recovered stolen funds — translating to a potential payout of up to $140 million. The program is designed to incentivize on-chain investigators, blockchain analytics firms, and white-hat hackers to trace and intercept the laundered funds before they disappear into the broader ecosystem. Beyond the bounty, the industry is coalescing around several longer-term mitigation strategies. Ledger has strongly advocated for “Clear Signing,” a method that ensures transaction details are transparently displayed and cryptographically verified before approval, eliminating the blind signing vulnerability entirely. Fireblocks has proposed moving toward Multi-Party Computation (MPC) wallets, which split a wallet’s private key across several parties. Unlike multisig setups where each signer sees and approves a transaction, MPC keeps key fragments private from one another, meaning a single compromised interface cannot exploit the entire wallet.
Lessons Learned
The Bybit exploit underscores a fundamental truth about crypto security: complexity is the enemy of verification. The attack did not require breaking cryptography or compromising private keys directly. Instead, it exploited the gap between what operators saw and what the smart contract actually executed. This class of vulnerability — a user interface deception attack — is particularly dangerous because it bypasses the security assumptions that multisig configurations are built upon. The lesson is clear: transaction signing must be accompanied by full, cryptographically verified transparency of what is being signed.
User Action Required
For individual users, the Bybit hack serves as an immediate call to review your own security practices. If you use hardware wallets, ensure you are using Clear Signing mode and never approve transactions that your device cannot fully decode and display. For those holding significant funds on exchanges, consider distributing assets across multiple platforms to limit exposure to any single point of failure. Monitor official channels for updates on the bounty program, and report any suspicious wallet activity to blockchain analytics providers. The $140 million bounty means that anyone contributing to fund recovery — even by identifying a single laundering address — may be eligible for a share of the reward.
Disclaimer: This article is for informational purposes only and does not constitute financial or security advice. Always conduct your own research and consult with security professionals before making decisions about your digital assets.
$140m bounty pool and they still only recovered a fraction. the laundering networks are too sophisticated now
blind signing exploits are going to keep happening until hardware wallets show decoded calldata natively. the UX gap is the real vulnerability here
tomasz nailed it. if a multisig signer can't verify what they're signing, the whole m-of-n scheme is theater
tomasz is right but the UX problem is harder than people think. decoding arbitrary calldata on a hardware wallet screen with limited display is nontrivial
401,347 ETH gone in minutes and Bybit still operates. any other industry this would be a terminal event
401K ETH stolen and Bybit processed withdrawals normally within 48 hours. say what you want about their security, the operational response was remarkable
the bounty hunters who tracked funds through tornado cash and bridge hops deserve way more credit than they got
the laundering went through tornado cash then across 6 bridges in 48 hours. north korean groups have industrialized ETH mixing