Cryptocurrency exchange Bybit revealed today that an unknown attacker stole over $1.46 billion worth of cryptocurrency from one of its ETH cold wallets.

“The incident occurred when our ETH multisig cold wallet executed a transfer to our warm wallet. Unfortunately, this transaction was manipulated through a sophisticated attack that masked the signing interface, displaying the correct address while altering the underlying smart contract logic,” Bybit explained.

“As a result, the attacker was able to gain control of the affected ETH cold wallet and transfer its holdings to an unidentified address.”

The crypto exchange says its security team is now investigating the incident with the help of external blockchain forensic experts. According to Bybit, anyone with the expertise to help track the stolen funds is also welcome to assist.

Bybit says all other cold wallets are fully secure, client funds are safe, and exchange operations were undisrupted by the incident.

“Please rest assured that all other cold wallets are secure. I will keep you guys posted as more develops, If any team can help us to track the stolen fund will be appreciated,” Bybit’s CEO said.

“Bybit is Solvent even if this hack loss is not recovered, all of clients assets are 1 to 1 backed, we can cover the loss.”

According to crypto fraud investigator ZachXBT, the exploiter has already split 10,000 ETH out of the roughly 401,346 ETH stolen in the attack to 48 addresses.

With $1.46 billion worth of cryptocurrency stolen in a single attack, this is now the largest cryptocurrency hack ever, almost doubling the previous record.

In March 2022, Sky Mavis disclosed that attackers stole $620 million in cryptocurrency (173,600 Ethereum and 25.5M USDC tokens) from Axie Infinity’s Ronin network bridge.

The FBI linked that incident to two North Korean hacking groups, Lazarus and BlueNorOff (aka APT38), in April 2022.