A hacker has managed to make off with solely round $132,000 from their assault on the crypto protocol Meta Pool, which created $27 million value of tokens they might have stolen. The assault was foiled by low liquidity and a pause on the exploited good contract.
The attacker was in a position to mint 9,705 of the liquid staking protocol’s token mpETH value almost $27 million, however solely managed to steal round 52.5 Ether (ETH), value simply over $132,000 from the liquidity swap swimming pools, Meta Pool stated in a weblog submit on Tuesday.
It added that among the affected swimming pools had low liquidity and volumes, making it tougher for the assault to be carried out, and its “early detection techniques” helped its crew rapidly pause the affected contract, stopping “additional unauthorized exercise or extra losses.”
Hacker exploited “quick unstake” operate
In an X submit on Tuesday, Meta Pool co-founder Claudio Cossio stated the hacker exploited a “quick unstake performance,” permitting them to mint 1000’s of mpETH tokens.
Typically, after unstaking crypto, there’s a ready interval earlier than it turns into transferable; nevertheless, with quick unstaking, also referred to as flash unstaking, the ready interval is voided, offered particular circumstances are met.
Blockchain safety agency PeckShield posted to X that the staking contract had a “vital bug,” which allowed the hacker to mint mpETH without cost, however the “low liquidity of mpETH restricted the revenue.”
The Meta Pool crew stated that the assault “concerned the unauthorized minting of tokens via the ERC4626 mint() operate.”
Exploiter drains swap swimming pools
After minting the mpETH, the exploiter used most of it to empty the swap swimming pools of 52.5 ETH, affecting a number of Ethereum mainnet and Optimism swimming pools.
The Meta Pool crew stated, nevertheless, that an affected Optimism pool had “low liquidity and quantity.”
“It must be cleared that each one the Ethereum staked is secure, delegated within the SSV Community operators which is validating blocks and accruing staking rewards on the Ethereum mainnet,” the Meta Pool crew stated.
A full autopsy of the incident is anticipated within the subsequent two days, together with a restoration plan, in accordance with the Meta Pool crew. Within the meantime, the affected mpETH contract will stay paused whereas the investigation continues.
Associated: $2.1B crypto stolen in 2025 as hackers shift focus from code to customers: CertiK
Meta Pool promised to “reimburse the property misplaced by this incident” and guarantee customers are “made complete.”
Crypto protocols hit with exploits
Alex Protocol, a Bitcoin decentralized finance platform on the Stacks blockchain, suffered an exploit on June 6, with $8.3 million in losses after a nasty actor used a flaw within the self-listing verification logic to empty liquidity from a number of asset swimming pools.
In the meantime, Taiwan-based crypto alternate BitoPro confirmed on June 2 {that a} safety breach led to the lack of greater than $11.5 million in property from its sizzling wallets on Might 8.
Journal: China to ban proudly owning Bitcoin? Gate.io to pay $30M over liquidations: Asia Categorical
