A hacker has managed to make off with solely round $132,000 from their assault on the crypto protocol Meta Pool, which created $27 million value of tokens they might have stolen. The assault was foiled by low liquidity and a pause on the exploited good contract.
The attacker was capable of mint 9,705 of the liquid staking protocol’s token mpETH value practically $27 million, however solely managed to steal round 52.5 Ether (ETH), value simply over $132,000 from the liquidity swap swimming pools, Meta Pool mentioned in a weblog submit on Tuesday.
It added that a number of the affected swimming pools had low liquidity and volumes, making it more durable for the assault to be carried out, and its “early detection programs” helped its staff shortly pause the affected contract, stopping “additional unauthorized exercise or further losses.”
Hacker exploited “quick unstake” operate
In an X submit on Tuesday, Meta Pool co-founder Claudio Cossio mentioned the hacker exploited a “quick unstake performance,” permitting them to mint hundreds of mpETH tokens.
Typically, after unstaking crypto, there’s a ready interval earlier than it turns into transferable; nonetheless, with quick unstaking, also called flash unstaking, the ready interval is voided, offered particular situations are met.
Blockchain safety agency PeckShield posted to X that the staking contract had a “crucial bug,” which allowed the hacker to mint mpETH without cost, however the “low liquidity of mpETH restricted the revenue.”
The Meta Pool staff mentioned that the assault “concerned the unauthorized minting of tokens by way of the ERC4626 mint() operate.”
Exploiter drains swap swimming pools
After minting the mpETH, the exploiter used most of it to empty the swap swimming pools of 52.5 ETH, affecting a number of Ethereum mainnet and Optimism swimming pools.
The Meta Pool staff mentioned, nonetheless, that an affected Optimism pool had “low liquidity and quantity.”
“It must be cleared that every one the Ethereum staked is secure, delegated within the SSV Community operators which is validating blocks and accruing staking rewards on the Ethereum mainnet,” the Meta Pool staff mentioned.
A full autopsy of the incident is anticipated within the subsequent two days, together with a restoration plan, based on the Meta Pool staff. Within the meantime, the affected mpETH contract will stay paused whereas the investigation continues.
Associated: $2.1B crypto stolen in 2025 as hackers shift focus from code to customers: CertiK
Meta Pool promised to “reimburse the belongings misplaced by this incident” and guarantee customers are “made entire.”
Crypto protocols hit with exploits
Alex Protocol, a Bitcoin decentralized finance platform on the Stacks blockchain, suffered an exploit on June 6, with $8.3 million in losses after a foul actor used a flaw within the self-listing verification logic to empty liquidity from a number of asset swimming pools.
In the meantime, Taiwan-based crypto change BitoPro confirmed on June 2 {that a} safety breach led to the lack of greater than $11.5 million in belongings from its scorching wallets on Could 8.
Journal: China to ban proudly owning Bitcoin? Gate.io to pay $30M over liquidations: Asia Categorical
