On the early morning of February 22, on-chain sleuth ZachXBT detected a suspicious fund outflow incident on Bybit. Subsequent on-chain records showed that a Bybit multisig address transferred out $1.5 billion worth of ETH and used a DEX to swap LSD assets for native ETH. Possibly due to FUD sentiment, Ethereum briefly dropped below $2,700; Bybit's native platform token MNT briefly fell below $0.9, with a 24-hour decrease of 7.71%.
Bybit CEO Ben Zhou quickly responded, stating that indeed a hacker had control of a specific ETH cold wallet, but the remaining cold wallets are secure and withdrawals are functioning normally. Ben Zhou also emphasized that Bybit has the capability to make reparations and cover this loss. BlockBeats will continue to monitor and provide real-time updates. The following is a timeline summary:
At 4:55 PM, Bybit's official announcement stated that deposits and withdrawals on Bybit have been fully restored to normal levels, a situation confirmed through on-chain data.
At 12:32 PM, Bybit CEO Ben Zhou mentioned on Platform X, "At this moment, it is actually not about Bybit or any entity, but our industry's general attitude towards hackers. I sincerely hope that eXch can reconsider and help us stop the funds from flowing out from them. We have also received assistance from Interpol and international regulatory agencies. Helping to prevent this fund outflow is not just about aiding Bybit."
At 11:27 AM, SlowMist's research arm, SlowMist Cosmos, stated that considering a significant amount of ETH has been laundered through eXch, exchanged for BTC, XMR, and others, all platforms should elevate their risk control levels for funds originating from eXch.
On February 23, in response to the February 21 hack of the Bybit exchange resulting in a $1.5 billion loss, Ethereum core developer Tim Beiko stated that although some in the crypto industry are calling for the Ethereum network to be restored to its pre-hack state, it is almost technically infeasible. Beiko emphasized that unlike the 2016 TheDAO hack, this attack did not violate Ethereum protocol rules, and a rollback would cause widespread and irreparable chain reactions, potentially resulting in more destructive consequences than the hack itself. Additionally, a rollback would undo all settled on-chain transactions and cannot reverse off-chain transactions.
Other industry figures have echoed similar sentiments. Ethereum educator Anthony Sassano pointed out that the current complexity of the Ethereum ecosystem makes a simple rollback of infrastructure unworkable. Yuga Labs' VP of Blockchain also warned that the cost of a rollback could far exceed $1.5 billion.
Regarding support for rolling back Ethereum to its pre-hack state, Bybit CEO Ben Zhou stated in a previous Space session: "I'm not sure if it's one man's decision. Based on the spirit of blockchain, maybe it should be a voting process to see what the communities want, but I am not sure."
At 23:32, according to an official announcement, Bybit officially launched the "Bounty Recovery Plan," calling on global cybersecurity and crypto analysis elites to jointly track down the perpetrators of the largest cryptocurrency theft in history.
Contributors who successfully recover funds will receive a 10% reward, with the total bounty amount calculated based on a verifiable recovery amount of stolen ETH valued at over $1.4 billion at the time of the event. If all funds are recovered, the total bounty amount could reach up to $140 million.
Bybit CEO Ben Zhou stated that within 24 hours of the event, they had received strong support from top industry professionals and organizations and hoped to formally reward community members who provided us with expertise, experience, and support through the "Bounty Recovery Plan." Those interested in participating can contact the platform via bounty_program@bybit.com.
At 9:17 PM, Bybit CEO Ben Zhou posted, "I agree with CZ's view. If this hack was through penetrating our internal system (e.g., a part of the withdrawal system) or breach of the hot wallet, we would immediately halt all withdrawals until the root cause is found.
However, in yesterday's incident, our breached wallet was our ETH cold wallet (we use Safe), which has nothing to do with any of our internal systems. Therefore, I was able to decisively decide to let Bybit's withdrawals and system functions operate as usual.
In last night's crisis, Binance, CZ, along with many partners and industry leaders, proactively offered help, for which we are deeply grateful and feel incredibly warmed by the support received. This event has been a huge blow to Bybit, but the entire industry has shown the power of solidarity. I believe that from now on, everything will only move in a better direction."
At 8:19 PM, CZ posted, "Recent events (including ByBit, Phemex, WazirX, and others) show a pattern: hackers are able to steal a large amount of crypto assets from multisig 'cold storage' solutions. In ByBit's latest case, the hacker was able to display a legitimate transaction on the front-end user interface, while actually signing another transaction. Though I am less familiar with other cases, they seem to have similar characteristics based on limited information.
Some questioned my recommendation to immediately halt all withdrawals in the event of a security incident (I posted this tweet while on a shuttle bus). My intention was based on self-experience and observation, sharing a practical response. Of course, there is no absolute right or wrong. My principle always stands on the safer side. After a security incident, all operations should be halted immediately, ensure a full understanding of the attack method, identify how the hacker penetrated the system, which devices were affected, triple-check security, and then resume operations.
Of course, halting withdrawals may cause greater panic. In 2019, we suspended withdrawals for a week after a $40 million hack. But when we resumed withdrawals (and deposits), the deposit volume was actually higher than the withdrawal volume. I'm not saying this method is better; each situation is different, requiring judgment. The purpose of my tweet is to share potentially effective methods and express support in a timely manner.
I believe Ben made the best decision based on the information at hand. Ben maintained transparent communication and a calm attitude during this crisis, contrasting sharply with CEOs of platforms like WazirX and FTX, who were not as transparent. It is important to note that each of these cases is unique. The FTX incident was a fraud event, while the WazirX incident is still in litigation, and I prefer not to comment on it.
During an evening Space session at 7:00 PM, the Bybit CEO stated that Bitget was the first CEX to offer help without any interest. Additionally, MEXC and PAID Network also provided assistance.
Bitget CEO Gracy mentioned in the Space that they proactively reached out to Bybit CEO Ben to offer help, providing short-term liquidity without requiring any collateral, interest, or commitments. Bybit can return it when no longer needed, and it is understood that Bybit's liquidity has been restored, requiring no further support.
At 5:54 PM, the liquidity staking/restaking protocol mETH Protocol announced that cmETH withdrawals have resumed, with user funds remaining secure and receiving full support. A detailed post-incident analysis report will be released soon, outlining the events and all measures taken.
Previously, mETH Protocol had announced the suspension of cmETH withdrawals after learning about a recent security incident involving certain mETH and cmETH transactions on Bybit, while deposits and staking services continued as usual.
At 5:50 PM, according to EmberCN monitoring, five institutions/individuals have provided Bybit with a total of 120,000 ETH ($320.97M) in loan support. Specifically:
· Bitget: 40,000 ETH ($105.96M);
· Institution/Whale withdrawing from Binance: 11,800 ETH ($31.02M);
· MEXC: 12,652 stETH ($33.75M);
· Binance or another institution/whale withdrawing from Binance: 36,000 ETH ($96.54M);
· Address 0x327...45b: 20,000 ETH ($53.7M).
At 16:52, the cross-chain bridge Chainflip updated on the latest development of the Bybit hack, stating, "We have observed the hacker attempting to convert the Bybit stolen funds to BTC via Chainflip. Currently, we have partially shut down frontend services to block fund movement, but since the protocol is fully decentralized with 150 nodes, we cannot completely shut down the entire system.
As a longer-term solution, we are enhancing the ETH proxy level filtering mechanism to reject suspicious deposits via the broker-api. Currently, this mechanism is already in place for BTC, and we just need to complete the implementation for ETH."
At 16:33, the cross-chain bridge Chainflip responded to the freeze request from the Bybit CEO, stating, "We have done our best to handle the current situation, but as a decentralized protocol, we are unable to fully halt, freeze, or redirect any funds. However, we have currently shut down some frontend services to block fund movement."
At 16:09, blockchain detective ZachXBT posted on social media that the Lazarus Group had just consolidated a portion of the Bybit hacker attack funds with the funds from the Phemex hacker attack directly on-chain, mixing the funds from the initial theft addresses of these two events.
Blockchain detective ZachXBT posted in the official channel that they had observed the Lazarus Group moving 5,000 ETH from the Bybit hacker address to a new address, beginning to launder it through eXch (a centralized mixer) and transferring the funds into the Bitcoin network via Chainflip.
At 3:21 PM, Bybit CEO Ben Zhou posted on social media that they had detected a hacker attempting to transfer assets via Chainflip to the BTC network. Bybit hopes the cross-chain bridge project will help them prevent further asset movement to other chains. Bybit will soon release a bounty program for anyone who helps them block or trace funds leading to asset recovery.
According to SoSoValue's statistics and the latest monitoring data from the on-chain security team TenArmor, funds flowing into the Bybit trading platform have exceeded $4 billion in the past 12 hours, including 63,168.08 ETH, $3.15 billion USDT, $173 million USDC, and $525 million CUSD.
Based on the comparison of funds inflow data, this inflow has completely covered the funds gap caused by yesterday's hack. Additionally, all services of the Bybit trading platform, including withdrawals, have returned to normal.
At 2:29 PM, SlowMist's founder Yu Xian posted on social media, stating that from a security perspective, in a situation where the reasons are unknown, the emergency halt of the wallet system is a correct move. Bybit's response to this theft was very fast, and the problem was quickly identified. SlowMist and some security teams immediately got involved in communication and quickly identified the problem and speculated on the hacker's profile. Bybit was well prepared and had no issues reopening withdrawals in a timely manner.
Xian explained that he believes both CZ's previous suggestion and Bybit's final resolution were correct. Currently, many industry insiders are focused on internal disputes, forgetting that the common enemy should be the North Korean hackers.
At 12:32 PM, ABCDE co-founder Du Jun posted on social media that he will personally transfer 10,000 ETH to Bybit today and will not withdraw for one month.
The Wall Street Journal cited the opinion of Web3.0 security firm CertiK, stating that the recent Bybit event is the largest single-incident theft in crypto history, with the stolen assets estimated at over $1.4 billion.
Following the event, Bybit announced that they have reported the incident to relevant authorities. Bybit's CEO Ben Zhou stated that all functions and products of Bybit are operating normally, the exchange has the capability to cover losses in full, and all withdrawal requests have been processed with normal withdrawal speeds restored.
At 11:40 a.m., SlowMist founder Cosmos posted on social media that the Safe contract is not the issue; the problem lies in the non-contract part, where the frontend was tampered with to achieve deception. This is not an isolated case, as North Korean hackers successfully used this method several times last year, such as in the WazirX event ($230 million stolen, involving Safe multisig), the Radiant Capital event ($50 million stolen, Safe multisig), and DMM ($305 million stolen, Ginco multisig). This attack method is highly sophisticated. Other platforms need to be more vigilant, as multisigs beyond Safe may have similar vulnerabilities.
Coinbase executive Conor Grogan posted on social media that the Bybit hacker (suspected to be from North Korea) has become the 14th largest ETH holder globally, holding approximately 0.42% of the total Ethereum token supply. This amount has surpassed the ETH holdings of the investment firm Fidelity and of Ethereum co-founder Vitalik Buterin, and is more than double the Ethereum Foundation's ETH holdings.
At 10:51 a.m., Bybit CEO Ben Zhou stated that it has been 12 hours since the worst hack in history. All withdrawals have been processed. Bybit's withdrawal system is now fully restored, allowing users to withdraw any amount without delays. Thanking users for their patience, Bybit apologizes for the situation. Bybit will release a full incident report and security measures in the coming days.
At 9:15, according to on-chain data analyst Yu Jin's monitoring, one hour earlier the Bybit hacker's 15,000 cmETH unstaking request had been returned by the cmETH withdrawal contract. Subsequently, the hacker granted cmETH trading approval on DODO but did not proceed with further transactions, likely because the cmETH liquidity pool is very shallow.
This 15,000 cmETH should have been successfully intercepted. In addition to this 15,000 cmETH, the amount of ETH stolen from Bybit is 499,000 (approximately $1.37 billion), dispersed by the hacker across 51 addresses.
At 9:08, Safe responded on social media regarding the issue of "ByBit displaying what seemed to be correct transaction information, yet executing a malicious transaction on-chain with all valid signatures," stating:
· No Codebase Leak Found: A thorough check of the Safe codebase revealed no evidence of leaks or modifications.
· No Malicious Dependencies Found: There is no indication that malicious dependencies in the Safe codebase would impact transaction flows (i.e., a supply chain attack).
· Unauthorized Access to Infrastructure Not Detected in Logs
· No Other Safe Addresses Affected
Safe stated that it has temporarily suspended Safe{Wallet} functionality to ensure users have absolute confidence in the security of the Safe platform. While investigations show no evidence that the Safe{Wallet} frontend itself was compromised, a more thorough review is underway.
At 8:52, Bybit CEO Ben Zhou posted on social media stating that since the hack incident (10 hours ago), Bybit has experienced the highest number of withdrawals we have ever seen, with over 350,000 withdrawal requests in total. Currently, approximately 2,100 withdrawal requests are pending. 99.994% of withdrawals have been completed overall. The entire team remained awake throughout the night, processing and addressing customer questions and concerns.
At around 9:00 AM, according to on-chain data analyst Ember Monitor, Bitget supported Bybit with a transfer of 40,000 ETH (approximately $1.059 billion) 5 hours ago to tide over the ETH withdrawal surge following the recent hack. These ETH were directly transferred from Bitget to Bybit's cold wallet address.
At 7:27 AM, Bybit CEO Ben Zhou responded to the news of "Binance and Bitget cumulatively depositing over 50,000 ETH into Bybit's cold wallet," thanking Bitget for extending a helping hand. Bybit is still in communication with Binance and several other partners, and the funds described in the news are unrelated to Binance's official position.
At 5:07 AM, Bybit's official social media post stated that they have reported the theft to the relevant authorities and will provide updates as soon as any further information is received. Bybit has swiftly and extensively collaborated with on-chain analytics providers to identify all involved addresses. These actions will mitigate and deter bad actors' ability to dispose of and dump ETH on the open market, thereby constraining available disposal channels.
At 4:21 AM, Arkham posted on Platform X that ZachXBT submitted evidence at 7:09 PM UTC, proving that the North Korean Lazarus Group orchestrated the attack, accompanied by test transaction analysis, related wallet links, and evidence charts. This report has been submitted to the Bybit team to assist in the investigation.
At 1:29 AM, Bybit CEO Ben Zhou shared during a live broadcast that, "I was the last signer in the multi-signature transfer, using a Ledger device, and there was an issue during signing, but I didn't notice, as the destination address was not displayed during signing. Currently, there are 4,000 pending withdrawal transactions."
Ben Zhou reiterated during the live broadcast that Bybit's treasury can cover the loss of 400,000 ETH. "We have processed 70% of the withdrawals, and the withdrawal peak has passed. Large withdrawals are undergoing regular security checks, and we are still processing the remaining withdrawals over the next few hours. All client withdrawals will be processed."
Ben Zhou also mentioned considering obtaining a bridge loan from partners to compensate for the stolen funds. "We will not purchase Ethereum. We are considering obtaining a bridge loan from partners to cover the stolen funds, with 80% of it already secured."
At 12:47 AM, the Safe Security Team posted that they are closely working with Bybit and conducting an ongoing investigation. Currently, there is no evidence of an official Safe frontend compromise. However, as a precautionary measure, Safe{Wallet} has temporarily disabled certain functions. User security is our top priority, and we will provide further updates as soon as possible.
At 12:45 AM, according to EmberCN monitoring, Bybit's ETH multi-signature cold wallet was drained of 514,000 ETH, valued at $14.29 billion. The hacker has since distributed 490,000 ETH to 49 addresses (10,000 ETH each). "Additionally, there are still 15,000 cmETH currently being unbonded by the hacker (with an 8-hour unbonding period, it is uncertain if this can be stopped)."
At 12:36 AM, SlowMist published details of the Bybit hacker's attack:
· The malicious implementation contract was deployed at 2025-02-19 07:15:23 UTC: 0xbDd077f651EBe7f7b3cE16fe5F2b025BE2969516
· At 2025-02-21 14:13:35 UTC, the attacker used three owners' signatures on a transaction that replaced the Safe implementation contract with the malicious contract: 0x46deef0f52e3a983b67abf4714448a41dd7ffd6d32d32da69d62081c68ad7882
· The malicious upgrade logic was embedded in STORAGE[0x0] (the proxy's implementation slot) via DELEGATECALL, from contract 0x96221423681A6d52E184D440a8eFCEbB105C7242
· The attacker then used the backdoor functions sweepETH and sweepERC20 in the malicious contract to drain the hot wallet.
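The SlowMist findings above describe the pattern a co-signer could have refused: a Safe `execTransaction` whose `operation` is DELEGATECALL, so the called code runs in the Safe's own storage context and can overwrite slot 0 (the singleton). The following is an added example, not code from the article, SlowMist, Safe or Bybit: a pre-signing policy check that decodes raw `execTransaction` calldata (Safe's public ABI, selector 0x6a761202) and a post-hoc comparison of the proxy's storage slot 0 against the expected singleton. The encoder, the Safe address and the calldata are constructed here for the demonstration.

```python
# Added example (not from the article or from Safe/Bybit). Decodes the raw
# Safe execTransaction payload that a signer is asked to sign, independently of
# whatever the wallet frontend displays, and flags the DELEGATECALL-to-self
# pattern described by SlowMist. Selector and argument order are Safe's public
# ABI: execTransaction(to, value, data, operation, safeTxGas, baseGas, gasPrice,
# gasToken, refundReceiver, signatures). All sample values are constructed.

EXEC_TRANSACTION_SELECTOR = bytes.fromhex("6a761202")
OP_CALL, OP_DELEGATECALL = 0, 1
WORD = 32
HEAD_WORDS = 10  # ten arguments, each occupying one 32-byte head slot


def _word(buf: bytes, i: int) -> int:
    return int.from_bytes(buf[i * WORD:(i + 1) * WORD], "big")


def _pad(b: bytes) -> bytes:
    return b + b"\x00" * (-len(b) % WORD)


def encode_exec_transaction(to: str, value: int, data: bytes,
                            operation: int, signatures: bytes = b"") -> bytes:
    """Constructed helper: build a minimal execTransaction payload (gas fields zero)."""
    data_tail = len(data).to_bytes(WORD, "big") + _pad(data)
    sig_off = HEAD_WORDS * WORD + len(data_tail)
    sig_tail = len(signatures).to_bytes(WORD, "big") + _pad(signatures)
    head = [int(to, 16), value, HEAD_WORDS * WORD, operation,
            0, 0, 0, 0, 0, sig_off]
    return (EXEC_TRANSACTION_SELECTOR
            + b"".join(w.to_bytes(WORD, "big") for w in head)
            + data_tail + sig_tail)


def decode_exec_transaction(calldata: bytes) -> dict:
    """Decode to, value, data and operation from the ABI-encoded head/tail."""
    if calldata[:4] != EXEC_TRANSACTION_SELECTOR:
        raise ValueError("not a Safe execTransaction call")
    args = calldata[4:]
    to = "0x" + args[12:32].hex()              # address is right-aligned in word 0
    value = _word(args, 1)
    data_off = _word(args, 2)                   # byte offset of dynamic `data`
    operation = _word(args, 3)
    data_len = int.from_bytes(args[data_off:data_off + WORD], "big")
    data = args[data_off + WORD:data_off + WORD + data_len]
    return {"to": to, "value": value, "operation": operation, "data": data}


def check_safe_tx(calldata: bytes, safe_address: str) -> list:
    """Return policy findings for a payload; an empty list means it may be signed."""
    tx = decode_exec_transaction(calldata)
    findings = []
    if tx["operation"] == OP_DELEGATECALL:
        findings.append("DELEGATECALL: callee code runs with the Safe's storage, "
                        "so it can rewrite slot 0 (singleton) or any owner data")
    if tx["to"].lower() == safe_address.lower():
        findings.append("target is the Safe itself rather than an external payee")
    if tx["operation"] == OP_DELEGATECALL and tx["data"]:
        findings.append(f"delegatecall carries {len(tx['data'])} bytes of calldata; "
                        "the displayed 'transfer' may not be what executes")
    return findings


def singleton_is_expected(slot0: bytes, expected_singleton: str) -> bool:
    """Compare a proxy's raw storage slot 0 (as returned by eth_getStorageAt)
    with the singleton address the operator expects; False means the
    implementation has been swapped, the post-compromise state SlowMist describes."""
    return slot0[-20:].hex() == expected_singleton.lower().removeprefix("0x")


if __name__ == "__main__":
    SAFE = "0x" + "11" * 20                     # constructed Safe proxy address
    benign = encode_exec_transaction("0x" + "22" * 20, 10**18, b"", OP_CALL)
    bad = encode_exec_transaction(SAFE, 0, bytes.fromhex("deadbeef"), OP_DELEGATECALL)
    print("benign:", check_safe_tx(benign, SAFE))
    print("suspicious:", check_safe_tx(bad, SAFE))
```

A hardware signer that shows only the hash cannot reveal these fields, so the decode has to happen on an independent host before the transaction hash is approved.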
At 12:29 AM, Binance Co-Founder He Yi responded to the Bybit hack on social media, stating, "We are here when you need."
At 12:34 AM, Binance CEO CZ responded to the Bybit hack incident on social media, stating, "This is not an easy situation to handle. I suggest temporarily suspending all withdrawals as a standard security precaution. If needed, I am willing to provide any assistance. Good luck!"
At 12:39 AM, HTX (Huobi) Global Advisor and TRON Founder Justin Sun responded to the Bybit hack incident on social media, saying, "We have been closely monitoring the Bybit incident and will make every effort to assist our partners in tracking the related funds and provide all the support we can within our capabilities."
At 12:23 AM, Defillama Founder 0xngmi shared on social media, "So far, after the Bybit hack incident, the net outflow amount due to user withdrawals has reached $700 million."
According to OnchainLens monitoring, the specifics of the stolen funds flow from Bybit are as follows:
· 401,347 ETH, valued at $1.12 billion;
· 90,376 stETH, valued at $253.16 million;
· 15,000 cmETH, valued at $41.3 million;
· 8,000 mETH, valued at $23 million.
The total stolen native and derivative ETH amounts to 514,723.
At 12:20 AM, Bybit CEO Ben Zhou updated on Platform X, stating, "I will soon start a livestream to answer all questions!! Please stay tuned."
At 12:16 AM, Ethena Labs stated, "We have noticed the current situation Bybit is facing and will continue to monitor the latest developments. A reminder: all USDe-supported spot assets are custodied in solutions outside of exchanges, including Bybit's custodianship through Copper Clearloop, specifically prepared for such scenarios."
No USD spot reserves are held on any exchange, including Bybit. Currently, the unrealized total profit and loss (PNL) related to Bybit's hedging position is less than $30 million, well below half of the reserve fund. USDe remains fully overcollateralized. We will provide updates as more information comes in.
ZachXBT posted that the Bybit hacker has moved 10,000 ETH to 39 new addresses. "If you are an exchange or service provider, please blacklist these addresses on all EVM chains."
SlowMist co-founder Cosmos stated, "Although there is no concrete evidence now, judging from the Safe multisig approach and the current laundering method, it looks like the work of North Korean hackers."
At 23:57, according to Arkham Monitor, the Bybit hacker has started to distribute funds to multiple addresses.
At 23:53, Bybit CEO Ben Zhou updated that Bybit's hot wallets, warm wallets, and all other cold wallets have not been affected. The only wallet compromised was the ETH cold wallet. All withdrawals are functioning normally. He also emphasized, "Bybit remains solvent, and even if the losses from this hack cannot be recovered, all customer assets remain 1:1 supported, and we can bear this loss."
As of February 21 at 23:54, according to Defillama data, Bybit's total assets are valued at $15.727 billion, including:
· $6.263 billion in Bitcoin;
· $51.8 billion Ethereum;
· $13.5 billion SOL;
· $11.43 billion TRON.
At 11:44 PM, Bybit Co-Founder and CEO Ben Zhou stated, "Around 1 hour ago, Bybit's ETH multisig cold wallet made a transfer to our hot wallet. This transaction appears to have been disguised, with all signers seeing the disguised interface showing the correct address and URL from Safe.
However, the signed message was to alter the smart contract logic of our ETH cold wallet. This allowed the hacker to take control of our signed specific ETH cold wallet and transfer all ETH in the wallet to this unconfirmed address.
Rest assured, all other cold wallets are secure. All withdrawals are operating normally. I will continue to update as more information becomes available. We would be grateful for any team that can help us track the stolen funds."
Minutes later, crypto KOL Finish mentioned that according to on-chain data, a Bybit multisig address moved $15 billion worth of ETH to a new address. The funds arrived at the new address 0x47666fab8bd0ac7003bce3f5c3585383f09486e2, then were moved to 0xa4b2fd68593b6f34e51cb9edb66e71c1b4ab449e, and the 0xa4 address is currently selling stETH and mETH in exchange for ETH.
"Currently, this address is utilizing 4 different DEX. If they were just swapping LSD for native ETH, the transaction execution impact would be severe (high slippage). Such a scale is usually done through OTC trades, so this is very unusual."
Around 11:27 PM on February 21, the ZachXBT monitoring channel reported that it was monitoring a suspicious fund outflow from Bybit, totaling over $14.6 billion.