Hacked on Bybit: How My Funds Vanished from My CEX Wallet Through Web3

As an active trader on Bybit, I’ve always been mindful of security measures to protect my assets. However, nothing could have prepared me for the shocking experience when my Bybit CEX wallet was drained due to a breach in my Web3 wallet.

It started when I transferred some TON tokens from my Bybit centralized exchange (CEX) wallet to my Bybit Web3 wallet. Initially, everything seemed to work fine, but when I tried to transfer the funds back from the Web3 wallet to the CEX wallet, it failed. No matter how many times I attempted, the transfer wouldn't process. This was concerning because Bybit’s app allows me to access both wallets easily through separate windows, yet the funds were seemingly stuck.

At first, I thought it was a technical issue, so I logged several reports with Bybit’s customer support. Unfortunately, their response was lackluster, as they didn’t seem to take the matter seriously. Left frustrated and suspicious, I decided to take matters into my own hands and investigate deeper.

During this period, I was noticeably silent online. As many of you know, I regularly post market analysis and trading advice, but over the past month, I had to shift my focus completely to tracking down this security breach. I became consumed with finding out how my Bybit CEX wallet had been drained.

I took drastic measures to safeguard my data: I formatted and reset my phone, changed all my login passwords for every app, and even reformatted my PC. Before I did all this, I spent considerable time searching for any breaches on my devices. That’s when I discovered that even platforms like Telegram are rife with malicious apps. These apps could have easily been part of the breach, as they operate quietly in the background, often without detection.

As I investigated further, I started to suspect that my Web3 wallet had been compromised. Here’s the alarming part: while the Web3 wallet was the point of compromise, the funds stolen came directly from my Bybit CEX wallet. It appears that the hacker exploited a connection between the two wallets through Web3, gaining unauthorized access to my CEX funds.

What makes this attack particularly tricky is the nature of Web3 wallets. Unlike CEX wallets, Web3 wallets interact with decentralized applications (dApps) and smart contracts, often operating outside centralized security controls. Hackers can use malicious smart contracts or unauthorized wallet approvals to gain access, and that’s exactly what I suspect happened. The compromise allowed them to drain my Bybit CEX wallet without triggering the usual red flags like unfamiliar IP addresses or login attempts.

If you’re participating in Web3-related activities, I strongly urge you to closely inspect your wallet settings. If you’ve connected your Bybit Web3 wallet to any dApps or platforms, check for any unauthorized wallet approvals. This type of hack bypasses the usual security measures, making it incredibly hard to detect until it’s too late. Because the attack was linked to Web3, there’s no record of suspicious IP addresses or logins. This makes it difficult to report, and in my case, Bybit’s customer service didn’t seem to grasp the seriousness of the issue.

The lack of meaningful support from Bybit has been frustrating, but we as users need to be vigilant and proactive. Sharing these experiences is crucial because official support channels may not always be helpful when dealing with more sophisticated hacking techniques.

In the next section, I’ll outline the steps you can take to prevent similar breaches, including how to secure your Web3 wallet and monitor for unauthorized access.