Author: Frank, PANews
A major security incident has struck the crypto exchange Bybit, which has been hacked. On the evening of February 21, 2025, on-chain detective ZachXBT issued an alert on the X platform stating that abnormal fund outflows had been detected from addresses associated with the Bybit exchange, involving an amount as high as $1.46 billion. Security teams such as SlowMist and PeckShield confirmed that the attackers used UI deception to take control of Bybit's ETH multi-signature cold wallet and stole 491,000 ETH (worth about $1.4 billion at the current price). After the news broke, the market quickly fell into panic: users rushed to withdraw, the ETH price plummeted 8%, and over $400 million in contracts were liquidated across the network. An FTX-style collapse seemed imminent.
Fortunately, Bybit acted quickly. It explained that it was an ETH cold wallet that had been hacked, that other asset categories were not affected, and it guaranteed sufficient funds to meet user withdrawal needs. In addition, exchanges such as Bitget and Binance injected over $4 billion in liquidity to address the crisis, temporarily calming the situation, and the Ethereum price rebounded above $2,700 after a day of volatility.
The ripples of the incident have not yet subsided, and the hack has once again sounded the alarm for the industry, especially as the FTX incident is about to come to an end and begin repayment. With ETH as the main asset stolen, what profound impact will this have on the Ethereum ecosystem? Perhaps this is something the industry needs to reflect on further.
With limited cross-chain bridge liquidity, hackers may have difficulty selling the coins in the short term
Market sentiment was hit most directly. Before the news broke, the ETH price had risen as high as $2,845. Driven by market panic, the ETH price dropped 8% in the short term, and over $400 million in contracts were liquidated across the network. Thanks to Bybit's quick response and liquidity support from exchanges such as Bitget and Binance, the ETH price recovered its losses within 24 hours, and the market panic was temporarily alleviated.
However, most of the funds stolen by the hackers have not yet been sold, and in the following period, the hackers urgently need to launder these funds through on-chain methods and convert them into other cryptocurrencies. Therefore, the Ethereum chain's absorption capacity will still be tested to a certain extent.
Furthermore, according to analyses by multiple security companies, the perpetrator of this incident is believed to be a North Korean hacker group. If this conjecture is true, the possibility of recovering the funds is extremely slim.
According to data from Artemis, the on-chain outflow of ETH in the past 7 days was only $196 million, and the inflow was about $149 million. If the hackers choose to transfer these funds to other chains within a short period, the on-chain outflow of ETH may increase tenfold in the short term. Pressure on Ethereum's on-chain depth in the coming period is inevitable.
Most cross-chain bridges do not have sufficient liquidity to accommodate such large fund transfers. For example, the Chainflip cross-chain bridge used by the hackers to transfer funds on February 22 has a total liquidity of only about $17 million. Other cross-chain bridges also seem to be unable to handle such large fund volumes.
On the other hand, Ethereum is perhaps the most decentralized public chain after Bitcoin. The hackers are unlikely to choose to transfer the funds to the ecosystems of other public chains. From this perspective, the hackers may still focus on mixing the funds in the short term, and may not conduct large-scale fund conversions on-chain. Therefore, the impact on the on-chain depth may not be immediate, and the gradual absorption process may have a limited impact on the market.
Reflecting on the "complexity premium" of smart contracts: should Ethereum move towards simplification?
In addition to the market impact, Ethereum's technical roadmap may also undergo some changes as a result of this incident. In a similar hacking incident in 2024, the WazirX breach, the hackers also stole ETH tokens.
The reason is twofold: on the one hand, ETH is the second largest token by market cap after BTC, and its market depth will not collapse due to one or two attacks, making it an asset type that retains value for hackers. On the other hand, it is also related to Ethereum's complex smart contract functionality. Compared to newer blockchains like Solana, Ethereum's Turing completeness gives smart contracts unlimited possibilities, but also leads to complex contract interaction layers (such as the multi-proxy calls of the Safe contract in multi-signature wallets), with an attack surface far greater than Bitcoin's UTXO model or Solana's native account model.
Therefore, as more security attacks occur on Ethereum, Ethereum's technical roadmap may consider how to simplify smart contracts or introduce technological changes such as biometrics or hardware device confirmation at the multi-signature wallet application layer.
From an ecosystem perspective, projects in the Ethereum ecosystem that enhance security through hardware may have certain opportunities. This includes Safe, which was used in this incident and which may in the future require "secondary semantic verification" (such as visual verification of transaction content) and physical confirmation mechanisms similar to those of hardware wallets.
Of course, the potential changes mentioned above are premised on the Ethereum ecosystem treating this incident as a wake-up call. After all, in the face of poor data performance, security has become the last moat for the Ethereum ecosystem. If that security is breached, the market may face greater disappointment in the Ethereum ecosystem.
A wake-up call for the industry: it's time to build a hacker firewall
Of course, this incident has deeper potential implications for the entire crypto industry ecosystem. For example, the asset management methods of exchanges may require more reform.
Or will this catalyze the development of exchange insurance business? Previously, the FTX collapse led various exchanges to pay more attention to asset transparency and to publicly disclose their asset sizes. From a certain perspective, the widespread adoption of this practice has become an important reason why Bybit did not suffer the same fate. Looking at this hacking incident, another reason why a large-scale bank run did not occur is that multiple exchanges and industry institutions quickly lent a helping hand to stabilize market sentiment.
In the FTX collapse, the last straw that broke the camel's back was the bank run. Fortunately, Bybit received assistance from its peers, but this assistance is essentially a weighing of pros and cons and a human factor. If another exchange faces a similar crisis in the future and, after evaluation, does not receive assistance from its peers, will the market be dragged into the FTX cycle again? Therefore, exchanges or third parties may have more motivation to promote the development of exchange insurance business after this incident.
In addition, the crypto industry has long suffered from North Korean hackers. To prevent similar incidents, on the one hand, the industry needs to further strengthen its own security levels. On the other hand, whether the crypto world will launch a wave of anti-hacker firewall building has become an issue worthy of attention for the entire industry. For example, could a unified firewall be established among various projects to block the flow of hacker funds? Of course, this process will be much more complex, and how to complete such an initiative without sacrificing the degree of decentralization may become the main topic of discussion. CZ's suggestion after the incident that Bybit should stop withdrawals also sparked a lot of controversy.
But the establishment of a hacker firewall may mean more than just preventing another exchange from collapsing. It is for those users who are frequently harassed by hackers but ignored, as they are powerless to get the entire network to cooperate in stopping the hackers, and each attack has a greater impact on retail investors.
Although the Bybit incident ultimately did not evolve into a systemic collapse, the exposed cold wallet interaction vulnerabilities, cross-chain bridge liquidity bottlenecks, and the temporary nature of the industry's mutual assistance mechanism have sounded the alarm for the Ethereum ecosystem and the entire crypto industry: only by building an attack-resistant underlying architecture and institutionalized risk buffering mechanisms can crises be transformed into evolutionary driving forces.