Bybit Reports Security Breach as Hackers Drain $1.4 Billion in ETH and mETH

Cryptocurrency exchange Bybit has reportedly lost over $1.4 billion in liquid-staked Ether (ETH) and MegaETH (mETH) due to a security breach. The incident was flagged by onchain security analyst ZackXBT, who urged users to blacklist addresses linked to the stolen funds, Cointelegraph reported.Bybit Confirms Breach, Investigates Stolen FundsFollowing the recent Bybit security breach, Cyvers Alerts shared their findings on abnormal activity linked to the exchange."Our system has detected abnormal activity, including suspicious behavior involving the Bybit Official wallet. Several wallets are exhibiting highly suspicious patterns, and we are actively reaching out to the exchange to warn them," Cyvers Alerts shared on X. 🚨ALERT🚨Our system has detected abnormal activity, including suspicious behavior involving the wallet!Several wallets are exhibiting highly suspicious patterns, and we are actively reaching out to the exchange to warn them. The total affected assets are… Bybit co-founder and CEO Ben Zhou acknowledged the hack. He stated that a transfer was made from the exchange’s multisignature wallet to a warm wallet about an hour before the breach was identified.According to Zhou, the transaction appeared legitimate but contained malicious code. He said the attackers altered the smart contract logic, allowing them to drain funds. Zhou assured users that the exchange is investigating the breach.JUST IN: Bybit founder confirms $1.4 billion hack, asserts solvency even if losses remain uncovered. "Please rest assured that all other cold wallets are secure. All withdrawals are NORMAL. I will keep you guys posted as more develops. If any team can help us to track the stolen fund will be appreciated," Zhou wrote. Bybit ETH multisig cold wallet just made a transfer to our warm wallet about 1 hr ago. It appears that this specific transaction was musked, all the signers saw the musked UI which showed the correct address and the URL was from . However the signing message was to change…December Sees Decline in Crypto TheftAfter months of rising crypto hacks and scams, losses dropped in December 2024, marking the lowest monthly total of the year. Blockchain security firms CertiK and PeckShield reported $29 million in losses, a sharp decline from October’s peak.Despite the decrease, notable incidents occurred, including attacks on GemPad and LastPass users. CertiK recorded $28.6 million in losses, down from $63.8 million in November. PeckShield reported $24.7 million in hack-related losses, a 71% month-over-month decrease.GemPad suffered the most significant exploit, with attackers draining $2.1 million. FEG lost $1 million due to a cross-chain verification error. Hackers also stole $12.3 million from LastPass users following a past data breach, as reported by Finance Magnates.While December saw a decline, crypto-related thefts in 2024 totalled $2.3 billion, a 40% increase from 2023 but lower than 2022’s $3.78 billion, according to Cyvers' Web3 Security Report.