Ben Zhou has addressed the current situation with the latest Bybit hack.
Earlier, he confirmed that the exchange’s Ethereum (ETH) cold wallet was compromised in what he describes as one of "the worst hacks" in history.
The popular cryptocurrency trading platform has reportedly lost approximately $1.4 billion worth of ETH and other tokens. In the aftermath of the attack, around $200 million worth of stETH was swapped on the open market for ETH.
In a statement, Zhou reassured users that withdrawals had resumed at full capacity. “Twelve hours from the worst hack in history, all withdrawals have been processed. Our withdrawal system is now fully back to normal pace—you can withdraw any amount and experience no delays. Thanks for your patience, and we are sorry that this has happened,” he wrote.
He also promised that Bybit would release a full incident report along with enhanced security measures in the coming days.
In a previous post, Zhou acknowledged the scale of the attack and the challenges the exchange faced. He revealed that Bybit had processed an unprecedented number of withdrawal requests — over 350,000 in total — since the hack occurred.
“Since the hack 10 hours ago, Bybit has experienced the most withdrawals we have ever seen. So far, around 2,100 withdrawal requests remain to be processed. Overall, 99.994% of withdrawals have been completed,” he stated.
Despite the severity of the breach, Zhou emphasized that all Bybit functions and products remained operational. He praised his team for working tirelessly through the crisis, stating, “The whole team has been awake all night to process and answer client questions and concerns. All hands on deck. Rest assured, we are here with you.”
As the exchange works to recover from the attack, Bybit is expected to implement additional security measures and provide further updates on how it plans to prevent similar incidents in the future.
Alex DovbnyaAs reported by U.Today, the attack was executed using a technique known as "musked" transactions, where the hacker likely employed advanced phishing and spoofing tactics to deceive users.
This involved displaying a compromised user interface (UI) that closely mimicked the legitimate Bybit interface, tricking the signer into approving fraudulent transactions. The method is similar to scams that use fake ATM interfaces to steal sensitive information from unsuspecting users.
According to Ben Zhou, the hacker exploited the signing message to manipulate the smart contract logic of the exchange’s ETH cold wallet. By altering the contract’s behavior, they were able to seize control of the wallet and transfer all stored ETH to an unidentified address. This sophisticated attack method highlights the growing complexity of security threats facing the cryptocurrency industry.
Dan Burgin
Vladislav Sopov