A significant security breach has led to a reported loss of over $1.4 billion in liquid-staked Ether (ETH) and MegaETH (mETH) from a well-known cryptocurrency exchange. The breach was first brought to attention by an onchain security analyst, who called for users to blacklist specific addresses associated with the stolen assets.
Following the alarming discovery, a blockchain monitoring service revealed that they had detected unusual activities related to the exchange’s official wallet. They reported suspicious patterns across several wallets and stated they were actively reaching out to inform the platform of these findings.
The co-founder of the exchange confirmed the hack and explained that a transaction had been made from the exchange’s multisignature wallet to a warm wallet shortly before the breach was detected. Initially, this transfer seemed legitimate, but it was later uncovered that malicious code had been embedded within it. The attackers had manipulated a smart contract governing these transactions, allowing them to drain the funds covertly.
The exchange’s management reassured users that all other assets stored in cold wallets were safe and that normal withdrawal processes were taking place. They expressed a commitment to keeping users informed as the investigation into the breach progressed and welcomed assistance in tracking the stolen funds.
Interestingly, the cryptocurrency ecosystem has seen fluctuations in thefts and hacks. In December 2024, losses dropped to the lowest monthly total of that year after several months of alarming increases in cybercrime. Notable blockchain security firms reported a total of $29 million lost that month—significantly lower than losses noted in previous months.
Despite this decline in overall thefts, there were still serious incidents reported, including significant breaches affecting users of various platforms. One instance involved hackers exploiting vulnerabilities in GemPad, resulting in a loss of $2.1 million, while FEG faced a $1 million theft due to a cross-chain verification issue. Another high-profile breach saw $12.3 million stolen from LastPass users, stemming from an earlier data security failure.
Although thefts decreased during the final month of 2024, the total losses from crypto-related crimes for that year amounted to approximately $2.3 billion—marking a 40% increase compared to the previous year. This figure, however, was lower than the more than $3.78 billion reported in 2022. A comprehensive report on Web3 security illustrated these trends, shedding light on the ongoing challenges within the cryptocurrency realm regarding securing assets against malicious attacks.
This recent security incident underscores the importance of vigilance among users and prompted calls for enhanced security measures across all platforms, especially given the increasingly sophisticated tactics employed by cybercriminals. Security experts continue to emphasize the necessity of robust protective measures for both exchanges and individual investors to mitigate the risks associated with trading in the volatile cryptocurrency market.