Bybit CEO Confirms Exchange Was Hacked for $1.46B, Says His Firm Can Cover The Loss

Cryptocurrency exchange Bybit has experienced $1.46 billion worth of "suspicious outflows," according to blockchain sleuth ZachXBT. From a report: The wallet in question appears to have sent 401,346 ETH ($1.1 billion) as well as several other iterations of staked ether (stETH) to a fresh wallet, which is now liquidating mETH and stETH on decentralized exchanges, etherscan shows. The wallet has sold around $200 million worth of stETH so far. Bybit CEO Ben Zhou wrote on X that a hacker "took control of the specific ETH cold wallet and transferred all the ETH in the cold wallet to this unidentified address."

Hashtag

[Gilmoure]

#haxxor

Re:

[Big Hairy Gorilla]

Cold wallet?? #rugpull

Real bank

[tiananmen tank man]

Maybe it is safer to keep your money in a real bank.

Re:

[geekmux]

You're fucking stupid. Just unbelievably fucking moronic. Fuck off and die.

You're informative. Just unbelievably informative. Fuck off and prove me wrong with $hitcoin hacked history. My theory ain't nearly as make-believe as you assume. Insider Greed is no fictional character. This is literally the largest crypto hack in history. "No worries, we'll cover you" was about as expected as a loss at the high-roller table in Vegas.

Last I checked, cold storage means exactly that. Cold. Air-gapped. Fucking offline. You best be spitting or swallowing to MFAuthenticate that much co

Re:

[Narcocide]

Wait, what actually is your theory here? Are you suggesting he stole it himself just so that he could be seen as a hero by refunding it?

Re:

[geekmux]

Wait, what actually is your theory here? Are you suggesting he stole it himself just so that he could be seen as a hero by refunding it?

Stolen? Thief is such a hash 20th century accusation. The defense team will prefer to use outflow manager, with investors being told there was an conscious uncoupling of their funds from their wallets after reviewing the “incident”.

At this point in the history of hacks and losses in the unsecured crapto game, if he even recovered half of the losses he would be seen as a hero and a magician. Who else has recovered like that?

”A new scheme is born. Every minute.” - Satoshi Barnum

Re:

[Cyberax]

”Real” banks? You mean those money-based institutions sitting in overpriced buildings that don’t actually have cash money in their vaults

Why do you need vaults and cash? Are you living in the 18-th century?

Re:

[geekmux]

”Real” banks? You mean those money-based institutions sitting in overpriced buildings that don’t actually have cash money in their vaults

Why do you need vaults and cash? Are you living in the 18-th century?

* Looks at the price per gram of that shiny yellow metal shit *

Yup. Still are. Since that’s about the only shit in the vault still holding value since the 18th century.

Re:

[smooth wombat]

Why do you need vaults and cash?

The largest known depository of monetary gold is located in New York City. In a vault [newyorkfed.org].

As for banks, if I want to withdraw $100,000 in cash, where do think they store it? Under their mattress? Banks need a vault to store the money they might need on any given day to cover withdrawals.

Re:

[Cyberax]

The daily withdrawals from a typical bank branch are now less than $10k (not counting the ATM transactions). If you want a larger amount, you actually need to order it in advance. A lot of branches are now not even bothering to build the vaults and safe deposit box rooms altogether.

That's because pretty much nobody is doing large transactions in cash. Even drug dealers switched to Bitcoin these days.

Re:

[AvitarX]

I'm surprised about the lack of safety deposit boxes.

Where am I supposed to save all the "if I die" stuff?

If think they're more important now than ever.

Re:

[stabiesoft]

My bank I think has them at most branches. A couple of years ago they were preparing to relocate my branch so they let me know, gave me a couple of choices of where I could move my box to, comp'ed a couple years worth for the trouble. The relocated branch also has boxes, but I go into mine so rarely I just left it at the other location. They gave me another year for the inconvenience. So at least my bank still has them. And really I think a loss leader. A few years ago I was hitting the vault around once a

Re:

[Cyberax]

Where am I supposed to save all the "if I die" stuff?

If it's a serious question, then the answer is: NOT in a safe deposit box. Because they are not particularly safe. Read your agreement, the bank's liability is limited to 1 year of subscription fees. So around $1000.

If you want to store valuables, there are safe storage companies that can provide insurance up to $1m. The Seattle area has only 2 of them, and they are expensive.

If you want to store documents, then leave them with an estate lawyer.

Re:

[KGIII]

Where the hell are you getting your safety deposit box?!?

They're like $35 a year, but often cheaper and maybe a bit over $100 at a big bank in a city.

Re:

[KGIII]

I do banking at a variety of institutions for reasons too long to list here.

Generally, it's about $20k before they want you to let them know ahead of time, but I've pulled out 5x that without notice because I needed the funds pretty much immediately. (It was to buy a car at one hell of a price.)

So, they have more but it's good of you to let them know when you're going to need more physical currency.

Re:

[gweihir]

Real banks are under _very_ strict assert requirements and need to be completely honest with their customers as to how save everything is with them. As in "lie and go to prison". No such requirements for crapto.

Re:

[Powercntrl]

No such requirements for crapto.

Oh they'll still come after you if you rip off enough people good enough in the crypto realm. See: SBF. It's just that it's unlikely the people who were ripped off will ever be made whole again, because the money is gone. With banks, account holders are insured against the CEO turning out to be a fraudster.

Re:

[geekmux]

Real banks are under _very_ strict assert requirements and need to be completely honest with their customers as to how save everything is with them. As in "lie and go to prison". No such requirements for crapto.

Until a major banking institution is actually forced to send one of their best liars to prison, it’s no better than crapto.

We’ve seen traditional banking get away with a metric fuckton more corrupt fuckery. If they were so secure, they would never fail. Or create harm and instability. They’re guilty of it all and more.

Re:

[gweihir]

Actually, you need to listen carefully to what a bank tells you. They often do misdirection. But direct lies are very rare, because it makes them liable for your losses.

Re:

[geekmux]

Actually, you need to listen carefully to what a bank tells you. They often do misdirection. But direct lies are very rare, because it makes them liable for your losses.

”Misdirection” is the politically cute term for Deception. Also known as the bastard step-brother to Lies.

If an organization needs to deceive, they are no better then those who need to lie.

Re:

[gweihir]

I never claimed banks were moral institutions. But they are highly regulated institutions and hence they do not directly lie to you in almost all cases. Of course, filtering out the truth from the misdirection is _your_ job, but with a working mind, that is easy. Sure, those that think crapto is an investment are lacking that working mind and hence would probably fall for the misdirection as well.

Re:

[stabiesoft]

Of course banks fail. The difference is what happens after. In most cases FDIC comes in on a friday, closes it down, has another bank all lined up to take it over, and come monday morning, customers walk in as before and have a new bank with their balance on monday morning the same as they had the previous friday night. This has been true for as long as I've been alive. Actually 90 years according to https://www.fdic.gov/90years [fdic.gov]

Re:

[gweihir]

Within some limits and speculative things may be gone, but regular savings accounts are insured and you lose nothing if the bank crashes (up to that limit). Above that limit, it depends. But a bank has to have real assets in relation to the money people have stored in it and hence it cannot crash to zero or even only close to it and you may even keep everything even if above the limit, because the remaining worth of a crashed bank will cover it.

In the US, the FDIC insurance limit is $250'000 per person per

Re:

[KGIII]

If you have significant wealth, be aware that there's a limit to how much the FDIC insures.

Of course, if you have significant wealth, you probably don't need to keep that much in your bank account at any one time. There are far better stores of value that appreciate better than banks - even if you will get a better interest rate by storing more money in said institution. (Yes, you will often get better interest rates if you store above a set value.)

Re:

[stabiesoft]

Really this. FDIC coverage and if I remember right even the ones that went over limits got covered in the SVB debacle. I'd warn everyone that those "apps" that pretend to be banks will leave you in the cold if something goes wrong. https://www.cnbc.com/2024/07/0... [cnbc.com] Sometime new and shiny bites you.

Re:

[gweihir]

Yep and that is what regulation gives you: It limits your risk in case something goes wrong and reduces the probability of that happening.

Re:Follow the Losses.

[Powercntrl]

banks? You mean those money-based institutions sitting in overpriced buildings that don’t actually have cash money in their vaults, and will likely be the first to claim they need a Too Big To Fail taxpayer bailout after the house of cards we call a market blows over again?

Well, that's the difference ain't it? If a bank loses your money, the FDIC has to bail you out (up to $250,000). If you lose your magic internet money (or the you and the open exchange market suddenly have vastly differing ideas over its value), you're SOL.

If you absolutely need all of your money to be there when you want it back, a bank wins every time.

Re:

[geekmux]

banks? You mean those money-based institutions sitting in overpriced buildings that don’t actually have cash money in their vaults, and will likely be the first to claim they need a Too Big To Fail taxpayer bailout after the house of cards we call a market blows over again?

Well, that's the difference ain't it? If a bank loses your money, the FDIC has to bail you out (up to $250,000). If you lose your magic internet money (or the you and the open exchange market suddenly have vastly differing ideas over its value), you're SOL.

If you absolutely need all of your money to be there when you want it back, a bank wins every time.

Given how long it would actually take your local bank to hand you $250,000 in cash, I’d love to know the fine print details as to just how long the FDIC has to get you your (allegedly) still insured funds.

Reimbursement doesn’t much matter if you’re 6 months, 2 lawsuits, 18 bounced checks, and a Chapter 11 filing deep into a personal or business clusterfuck of their doing, if they’re allowed 6 months to reimburse you and take 179.9 days to do it.

Re:

[timeOday]

C'mon man. $USD in FDIC-insured banks are the most proven and secure way to store value. The full faith & credit of the United States may be tarnished, but it's miles ahead of the alternatives including and especially crypto. Uncle Sam will make sure you'll get your dollars. Everybody wants that to happen, including Wall St.

Re:

[geekmux]

C'mon man. $USD in FDIC-insured banks are the most proven and secure way to store value. The full faith & credit of the United States may be tarnished, but it's miles ahead of the alternatives including and especially crypto. Uncle Sam will make sure you'll get your dollars. Everybody wants that to happen, including Wall St.

I didn’t say it wouldn’t happen. I’m asking if there’s a point in offering insurance on THE liquid asset that an individual or business relies on daily as their life’s blood, if that reimbursement process is going to move at the speed of Government.

Reality doesn’t wait. Neither does life. So, what is the answer? (Based on actual incidents and payouts, not theoretical ones.)

Re:

[timeOday]

I'm not sure what you mean by that. At the kickoff of the Great Recession there were a lot of high-level late-night emergency meetings to make sure the bank clearinghouses could settle each day. This resulted in some funky shotgun weddings and incestuous public / private partnerships which is, as you noted, less than ideal. But the nightmare of the public experiencing empty ATMs did not occur on the whole.

The specific form of this will no doubt be a little different next time since nobody uses cash or c

Re:

[smokinpork]

In the unlikely occurrence that the FDIC doesn't just merge the failed institution with healthy bank so you never lose access to your money.
"It is the FDIC's goal to make deposit insurance payments within two business day of the failure of the insured institution."
source: https://www.fdic.gov/bank-fail... [fdic.gov]

Re:

[KGIII]

Given how long it would actually take your local bank to hand you $250,000 in cash,

24 hours, possibly less if you call them in the morning and let them know you'll be making a large withdrawal.

It'll be longer on the weekends.

This is only true if you're removing money that's in your account. If you're cashing a check, it will take longer to process it and verify that the originating account has the funds to cover it - and, often, to get those funds from said account. Transfers like that are faster now, but they can still take up to a week.

Man, there's so much misinformation in this thread.

Re:

[e3m4n]

The only caveat is the feds cant cover everyone if the collapse is bad enough. I think if more than a few banks fail, depending on the deposits, we could all be screwed. There was a recent failure of an online bank that claimed fdic insured. It had a real brick and mortar bank. A single branch. However the money kept rotating around and was not in the actual bank when shit went sideways. Aviod these goddamn Chime, CreditKarma, fly-by-night bullshit. Maybe stick to smaller regional banks. Diversify too. Keep

Re:

[rsilvergun]

Not if it's drug money or money you are trying to hide from your government. Or if you're the government and you're trying to hide the money because you're using it for illegal covert operations Ala Iran Contra.

Cryptocurrency is entirely dependent on a combination of nasty little rug pulls and money laundering. A sane society would do away with it by properly regulating it and putting a stop to those two things making it completely irrelevant.

But a sane society wouldn't have elected a president that

Re:

[Powercntrl]

But a sane society wouldn't have elected a president that uses a stupid meme about a funny dog as the cornerstone of their economic plan....

I think naming it after the memecoin was actually Musk's idea. Ooooh, I see what you did there.

Re:

[gweihir]

It would be safer to to keep it in a sick under your mattress.

Re:

[ChunderDownunder]

Store it off site where no one will ever find it.

https://news.slashdot.org/stor... [slashdot.org]

Trying to prevent a run on the exchange maybe?

[rabun_bike]

Saying you are covering a 1.5 billion loss and doing it are two different things. I imagine this is to prevent a run on the exchange which should happen since there is no deposit guarantees in the crypto currency world.

Re:

[gweihir]

Indeed. And saying you can cover and actually covering it or even being able to cover it are two different things. Nov, if this was a bank, such a claim would be relatively easy to check and, on top of that, lying could put the one doing it in prison. But with crapto, it is all smoke and mirrors anyways.

Re:

[rsilvergun]

Honestly it's all funny money mostly done through money laundering so I'm not surprised they're offering to cover the losses. Also I can't help but wonder if these aren't real losses and if one of the many many money launderers just needed to do a large cash out.

With the complete lack of regulation around cryptocurrency now we are definitely never going to know for sure. But there is too many of these hacks and people react with too little surprise or fear when they happen. I don't know if this is the c

Re:

[Big Hairy Gorilla]

Cover their losses with what?
I saw that too. So I just "lost" 1.4 Billion fairy coins, I'll just make more. Everything should be fine.

Open question here:
does anyone actually believe that a cold wallet was hacked and it wasn't just a rugpull by the execs?

Re:Trying to prevent a run on the exchange maybe?

[quantaman]

Saying you are covering a 1.5 billion loss and doing it are two different things. I imagine this is to prevent a run on the exchange which should happen since there is no deposit guarantees in the crypto currency world.

I assume they're "covering it" by assuming a $1.5B loss on their balance sheet and hoping their depositors just accept it.

I think this is only the second big exchange hack (Mount Gox way back in the day)? And of course insider stuff like Quadriga.

That's the one big issue I see with mainstream crypto. No matter how professional the infrastructure is the code to irreversibly transfer a ridiculous amount of wealth is trivial. It's fundamentally really, really hard to secure.

Re:

[_merlin]

MtGox wasn't a hack. They tried to spin it that way, but it was just plain embezzlement, and lack of internal controls/auditing.

Re:

[Zontar_Thing_From_Ve]

Saying you are covering a 1.5 billion loss and doing it are two different things. I imagine this is to prevent a run on the exchange which should happen since there is no deposit guarantees in the crypto currency world.

Been a long time since I had any mod points, so I'll comment since I can't mod you up. You're likely right. I'd like to predict that within 4 days Bybit - Never heard of them before - is toast and out of business and they can't actually cover it.

LOL Crypto

[TheMiddleRoad]

Yes, just keep your cash with us. I'm sure we, er, the hackers, didn't steal that money and won't steal the rest. Oh, sorry, your accounts been frozen. Just send another million dollars so we can unfreeze it.

Hacking got just a bit more lucrative

[gweihir]

At least that seems to be the case. Makes a lot of problems worse. Crapto is an exceptionally bad idea.

cold wallet

[awwshit]

A cold wallet should be an offline physical device. Reading between the lines here, someone had a device worth a billion dollars and did not secure it properly. If your cold wallet gets stolen you had a physical security failure.

Re:

[KirbyCombat]

What are you talking about? How do you get your crypto on an "offline physical device"?

Re:

[Anonymous Coward]

https://www.coingecko.com/lear... [coingecko.com]

Re:cold wallet

[Fly Swatter]

Copy the digital information to a flash drive, verify the data, unplug the flash drive - then get this - delete the copy on your computer..

Kep the drive safe, DO NOT THROW THE DRIVE IN THE TRASH AND THEN ATTEMPT TO BUY THE LANDFILL.

To retrieve it back, plug in the drive and copy it back.

That middle step is important.

Re:

[Powercntrl]

What are you talking about? How do you get your crypto on an "offline physical device"?

It's a bit of a farcical concept in cryptocurrency. There's two keys to a wallet, which are analogous to public and private keys (because that's essentially what they are). They look like this:

Wallet address:
1JxjwrbA8VdRnX2yRcp5HXGiKX2QcKBE2
Spend key:
Kxvb4FcVEZPj7xvyrP5N5BxRLE6NfohWjuAjtnCz2aC9pJgP8djC

Technically, you can keep the spend key safe however you like. Print it out and stick it in a physical safe, and now you've got an offline wallet. Problem is, if you actually want to transfer any coins fro

Re:

[Gilmoure]

Add it to the pr0n collection?

Re:

[quantaman]

A cold wallet should be an offline physical device. Reading between the lines here, someone had a device worth a billion dollars and did not secure it properly. If your cold wallet gets stolen you had a physical security failure.

Reading between the lines they were talking a big security game without going through the expensive and time consuming task of implementing it.

really from a cold wallet ???

[kiviQr]

...that sounds like a magic trick.

Wallet

[kaatochacha]

I'm just trying to figure out who has a wallet with over 400K of ethereum in it and isn't CONSTANTLY making sure it's safe.
It's like having 23 TONS of gold and going "welp, I put it in a safe out back, I'm sure it's just fine."

Re:

[Powercntrl]

I'm just trying to figure out who has a wallet with over 400K of ethereum in it and isn't CONSTANTLY making sure it's safe.
It's like having 23 TONS of gold and going "welp, I put it in a safe out back, I'm sure it's just fine."

Actually, the fact that gold is rather heavy presents its own difficulties in stealing it. It was rather hilariously demonstrated in an old Disney flick, where an alien boy with telekinetic abilities is forced under mind control (yeah, they checked all the cheesy sci-fi trope boxes with this one) to participate in a gold bar heist, and the thief (played by Bette Davis) failed to account for the weight of the gold. Oops.

They can cover it, really?

[Jeremi]

Where does any firm (short of maybe Amazon or Tesla) come up with $1.46B in cash to hand out to cover an unexpected expense?