Bybit lost more than $1.5 billion after attackers deceived multisig signers into approving a malicious change to the exchange’s ETH cold wallet logic. QuillAudits says the attack relied on social engineering and likely malware on signer devices, with a fake or manipulated Safe-like interface showing benign transaction details while the real approval transferred wallet control. The stolen assets were converted into ETH and split across 48 addresses, while Bybit began tracing funds, offered a $140 million bounty, and said customer assets remained fully backed. The report’s main defensive lesson is that multisig and cold-wallet controls still require hardened signer devices, independent transaction verification, and zero-trust approval processes.