4 hours ago
A hacker has managed to marque disconnected with lone astir $132,000 from their onslaught connected the crypto protocol Meta Pool, which created $27 cardinal worthy of tokens they could person stolen. The onslaught was foiled by debased liquidity and a intermission connected the exploited astute contract.
The attacker was capable to mint 9,705 of the liquid staking protocol’s token mpETH worthy astir $27 million, but lone managed to bargain astir 52.5 Ether (ETH), worthy conscionable implicit $132,000 from the liquidity swap pools, Meta Pool said successful a blog post connected Tuesday.
It added that immoderate of the affected pools had debased liquidity and volumes, making it harder for the onslaught to beryllium carried out, and its “early detection systems” helped its squad rapidly intermission the affected contract, preventing “further unauthorized enactment oregon further losses.”
Source: Meta Pool Hacker exploited “fast unstake” function
In an X post connected Tuesday, Meta Pool co-founder Claudio Cossio said the hacker exploited a “fast unstake functionality,” allowing them to mint thousands of mpETH tokens.
Generally, after unstaking crypto, determination is simply a waiting play earlier it becomes transferable; however, with accelerated unstaking, besides known arsenic flash unstaking, the waiting play is voided, provided circumstantial conditions are met.
Blockchain information steadfast PeckShield posted to X that the staking declaration had a “critical bug,” which allowed the hacker to mint mpETH for free, but the “low liquidity of mpETH constricted the profit.”
Source: Claudio CossioThe Meta Pool squad said that the onslaught “involved the unauthorized minting of tokens done the ERC4626 mint() function.”
Exploiter drains swap pools
After minting the mpETH, the exploiter utilized astir of it to drain the swap pools of 52.5 ETH, affecting respective Ethereum mainnet and Optimism pools.
The Meta Pool squad said, however, that an affected Optimism excavation had “low liquidity and volume.”
“It needs to beryllium cleared that each the Ethereum staked is safe, delegated successful the SSV Network operators which is validating blocks and accruing staking rewards connected the Ethereum mainnet,” the Meta Pool squad said.
A afloat post-mortem of the incidental is expected successful the adjacent 2 days, on with a betterment plan, according to the Meta Pool team. In the meantime, the affected mpETH declaration volition stay paused portion the probe continues.
Meta Pool promised to “reimburse the assets mislaid by this incident” and guarantee users are “made whole.”
Crypto protocols deed with exploits
Alex Protocol, a Bitcoin decentralized concern level connected the Stacks blockchain, suffered an exploit connected June 6, with $8.3 cardinal successful losses aft a atrocious histrion utilized a flaw successful the self-listing verification logic to drain liquidity from respective plus pools.
Meanwhile, Taiwan-based crypto speech BitoPro confirmed connected June 2 that a security breach led to the loss of much than $11.5 cardinal successful assets from its blistery wallets connected May 8.
Magazine: China to prohibition owning Bitcoin? Gate.io to wage $30M implicit liquidations: Asia Express
English (US) 