A significant security breach has reportedly led to a loss exceeding $1.4 billion in liquid-staked Ether (ETH) and MegaETH (mETH) from a notable cryptocurrency exchange. This incident was initially highlighted by onchain security analyst ZackXBT, who has urged users to blacklist wallets associated with the stolen assets.
In response to the alarming situation, a cybersecurity firm known for monitoring blockchain activities shared its insights about unusual activities related to the exchange. The findings pointed to suspicious behavior involving an official wallet associated with the exchange, leading them to contact the exchange directly to highlight the risks involved.
The exchange’s CEO confirmed the occurrence of the hack, outlining that a transaction from a multisignature wallet to a warm wallet was made approximately an hour prior to the discovery of the breach. While the transaction seemed legitimate on the surface, it was later discovered to contain harmful code that allowed the perpetrators to manipulate the smart contract in a way that facilitated the siphoning of funds. In light of this incident, the CEO assured the user base that all cold wallets remained secure and that the platform’s normal operations, including withdrawals, were unaffected.
Moreover, the CEO encouraged collaboration in tracking the stolen funds, seeking assistance from any team capable of offering support. There were also descriptions of how the transaction was obscured, as those involved in authorizing it were misled by what appeared to be a trustworthy interface.
As December had previously marked a downturn in cryptocurrency-related thefts, with reported losses falling to their lowest monthly total of the year, this recent event represents a stark contrast. Despite the overall decrease in thefts during December, where total losses amounted to $29 million, several significant exploits did take place. Major security firms tracking blockchain incidents disclosed that noted declines had occurred from the peak loss reported in October.
Incidents during December included a notable attack on a platform known as GemPad, resulting in a loss of $2.1 million, while another breach involving LastPass users led to $12.3 million being compromised. It was reported that the total theft from crypto-related crimes throughout 2024 reached $2.3 billion—this figure reflects a 40% increase compared to 2023, although it is lower than the losses incurred in 2022.
As further investigations into the recent breach continue, users remain concerned about the implications for the security of their assets on the exchange. The swift action of analysts and cybersecurity companies following the incident reflects a growing awareness within the crypto community about the necessity for vigilance against hacking attempts and system vulnerabilities.