How Bybit’s Multisig Wallet Was Compromised

On 21 Feb 2025, Bybit, a leading cryptocurrency exchange, reported a significant exploit affecting their ETH multisig cold wallet. The attacker successfully manipulated the transaction signing logic, resulting in an unauthorized transfer of all funds to an unknown address. While multisig wallets are generally considered highly secure, this incident highlights the evolving nature of cyber threats targeting decentralized finance platforms. This article takes an in-depth look at the exploit, its technical intricacies, and the measures that can be taken to prevent similar occurrences.

The Incident: What Happened?

Bybit’s multisig cold wallet executed a transaction that transferred its entire ETH balance to an unknown address. The exchange’s signers, responsible for approving transactions, believed they were authorizing a legitimate transfer. However, the attacker had manipulated the signing process in such a way that it concealed the true nature of the transaction. As a result, the compromised logic allowed the hacker to take full control of the funds without raising immediate suspicion.

1. The attacker likely manipulated the transaction signing process rather than directly hacking the wallet keys.
2. Bybit’s signers saw a legitimate UI but unknowingly approved an attacker-modified transaction.
3. The attacker tricked the signers into signing a transaction that transferred ETH to their address.
4. The Safe (Gnosis) UI was possibly compromised, or a fake UI was presented.
5. The attacker likely used UI deception, smart contract logic exploitation, or API hooking to change transaction behavior

At the heart of this exploit was a deceptive mechanism that misled the signers. The interface displayed a valid transaction with correct wallet addresses, creating a false sense of security. However, the underlying transaction logic had been altered, redirecting the funds elsewhere. This indicates that the attack was not merely about brute force hacking but rather a sophisticated form of deception.

Technical Breakdown of the Attack

The attack involved multiple layers of deception, including UI manipulation, smart contract exploitation, and signer misdirection.

UI Manipulation and Deception

One of the most likely attack vectors was front-end compromise, where the attacker altered the transaction display interface. By hijacking the Safe (Gnosis Safe) UI, the attacker ensured that the transaction appeared legitimate. The signers were misled into believing they were approving a transfer to Bybit’s warm wallet, but in reality, they were signing off on an attacker-controlled transaction.

This type of manipulation is often achieved through malicious JavaScript injections, browser-based phishing techniques, or MITM (Man-in-the-Middle) attacks that modify transaction data on-the-fly. If Bybit’s signers were using a compromised dApp, the attacker could have substituted the transaction data at the moment of signing.

Smart Contract Exploitation

Given that Bybit’s cold wallet was managed via a smart contract, the attacker likely exploited a vulnerability in the contract logic. This could have been achieved through:

• Proxy Contract Manipulation: If the wallet contract was upgradeable, an attacker could have modified the contract’s execution logic.
• Delegatecall Exploitation: Some smart contracts rely on delegatecall functions, which can be exploited to execute unintended transactions.
• Unverified Transaction Payloads: The attacker might have injected an unverified payload, tricking the signers into approving a malicious transaction.

Such attacks demonstrate that even if a contract has security features in place, loopholes in contract design can still be leveraged to bypass security measures.

Multisig Compromise

Since Bybit’s cold wallet used a multisig setup, multiple signatures were required to authorize transactions. Despite this, the attack succeeded, suggesting one of the following scenarios:

1. Compromised Signers: If one or more signers were compromised, an attacker could have manipulated the signing process.
2. Transaction Execution Vulnerability: The signing process might have included a flaw that allowed unauthorized execution.
3. Deceptive Signing Process: If the signers relied solely on a manipulated UI, they would not have realized the true nature of the transaction they were approving.

Multisig wallets are typically designed to prevent a single point of failure, but this attack shows that social engineering, UI deception, and smart contract vulnerabilities can still break through these security barriers.

How it ByBit Multisig Exploit Could’ve Been Stopped?

In the wake of this exploit, Bybit assured users that their other cold wallets remained secure and that normal withdrawals were unaffected. However, the incident raises critical questions about the security of transaction approval processes in decentralized finance (DeFi) ecosystems. Here are some key security recommendations to prevent similar attacks:

1. Transaction Simulation and Validation

Bybit and other exchanges should implement transaction simulation tools like Tenderly or OpenZeppelin Defender, which allow signers to see the final execution result of a transaction before approving it. This would help identify any redirections or unauthorized modifications.

2. Hardware Wallet-Based Verification

Instead of relying solely on software interfaces, signers should use hardware wallets (Ledger, Trezor) that physically display transaction details. This ensures that even if the UI is compromised, the true transaction details remain visible on an independent, secure device.

3. Independent Transaction Validation

All multisig approvals should be verified through a separate, independent transaction verification system. This additional step would require signers to confirm details from multiple sources before finalizing approvals.

4. Smart Contract Audits

Since smart contract logic played a key role in this exploit, regular audits should be conducted to detect vulnerabilities in contract execution. Security firms specializing in DeFi penetration testing should assess contract security before deployment.

5. Improved UI Security Measures

• Using secure, verifiable front-end frameworks to prevent JavaScript injection attacks.
• Implementing browser-based security checks to detect unauthorized UI manipulations.
• Educating signers to manually verify transaction hashes before approving any transfers.
  

This attack underscores the importance of UI integrity, signer security, and smart contract robustness. Bybit’s case demonstrates how even multisig wallets, traditionally considered highly secure, can be exploited through UI deception and contract logic manipulation.

Public & Expert Reactions on the Attack

Several experts and influencers have weighed in on the attack, offering different viewpoints on the cause, impact, and necessary security improvements.

1. CZ 🔶 BNB (@cz_binance)

“Not an easy situation to deal with. Might suggest to halt all withdrawals for a bit as a standard security precaution. Will provide any assistance if needed. Good luck!” as mentioned by CZ, The standard procedure during security incidents involves halting transactions to prevent further loss. Binance has done this in past breaches.

2. Erik Udahl (@erik_udahl)

“In simple terms, a hacker tricked the exchange’s team into approving a transaction that looked like a routine transfer from a secure offline (cold) wallet to a semi-online (warm) wallet.” Whereas Erik aligns it with common attack vectors like social engineering or compromised admin credentials.

3. Green Bean Dreamin’ (@GreenBnz)

“How did the hacker know exactly when everyone was signing? Was he just waiting around staring at his computer screen for years hoping someone would move 1.5 billion?” Here Green raises questions about whether the attack was opportunistic or if insider information was involved.

Transaction Forensics Analysis of ByBit Multisig Wallet Hack:

The transaction hash 0xb61413c495fdad6114a7aa863a00b2e3c28945979a10885b12b30316ea9f072c is a critical component of the recent security breach involving Bybit’s Ethereum (ETH) cold wallet. This transaction facilitated the unauthorized transfer of a substantial amount of ETH from Bybit’s cold wallet to an address controlled by the attacker.

Transaction Overview:

• Transaction Hash: 0xb61413c495fdad6114a7aa863a00b2e3c28945979a10885b12b30316ea9f072c
• From Address: Bybit’s ETH multisig cold wallet
• To Address: 0x47666Fab8bd0Ac7003bce3f5C3585383F09486E2 (identified as “Bybit Exploiter 1”)
• Amount Transferred: 401,347 ETH (approximately $1.12 billion at the time of the transaction)
• Transaction Fee: Minimal, given Ethereum’s gas structure
• Timestamp: February 21, 2025

Technical Analysis: The attack was executed through a sophisticated manipulation of Bybit’s multisig wallet interface. The perpetrator employed a “masked” transaction technique, deceiving the wallet’s signers into authorizing a malicious smart contract update. This update altered the wallet’s logic, granting the attacker control over the funds. Notably, the user interface displayed legitimate transaction details, masking the underlying malicious code. Consequently, the signers, relying on the compromised interface, inadvertently approved the unauthorized transfer.

This incident underscores the vulnerabilities inherent in multisig wallet systems, especially when the user interface can be compromised. It highlights the necessity for multi-layered security protocols, including:

• Out-of-Band Verification: Implementing independent channels to confirm transaction details.
• Regular Security Audits: Conducting frequent assessments of both front-end and back-end systems.
• Enhanced Signer Education: Training authorized personnel to recognize potential UI manipulations and other deceptive tactics.
  

This breach serves as a stark reminder of the evolving tactics employed by malicious actors in the cryptocurrency space and the imperative for robust, adaptive security measures.

The attack serves as a crucial lesson for crypto exchanges, wallet providers, and DeFi platforms: security is not just about the underlying technology but also about how humans interact with it. Future security implementations should focus on preventive controls, such as secure transaction simulations, stronger hardware authentication, and multi-layered verification processes to mitigate similar risks. As cyber threats evolve, so must our approach to safeguarding digital assets in an increasingly complex blockchain ecosystem.