The Bybit official X have just confirmed that one of the exchanges wallets have been exploited for somewhere in the region of $1.4B worth of ETH and stETH.
They said..
Bybit detected unauthorized activity involving one of our ETH cold wallets. The incident occurred when our ETH multisig cold wallet executed a transfer to our warm wallet. Unfortunately, this transaction was manipulated through a sophisticated attack that masked the signing interface, displaying the correct address while altering the underlying smart contract logic. As a result, the attacker was able to gain control of the affected ETH cold wallet and transfer its holdings to an unidentified address.
Our security team, alongside leading blockchain forensic experts and partners, is actively investigating the incident. Any teams with expertise in blockchain analytics and fund recovery who can assist in tracing these assets are welcome to collaborate with us.
We want to assure our users and partners that all other Bybit cold wallets remain fully secure. All client funds are safe, and our operations continue as usual without any disruption.
Transparency and security remain our top priorities, and we will provide updates asap.
The co-founder and CEO Ben Zhou also put out a post that said
Bybit is Solvent even if this hack loss is not recovered, all of clients assets are 1 to 1 backed, we can cover the loss.
At the time of writing the stolen coins were being sold off with about $200m worth sold.