Crypto exploiter snatched $133K after creating $25M worth of tokens


A criminal who exploited a crypto protocol by creating around $25 million worth of tokens has managed to steal only $133,000 worth of crypto assets, as the team rushed to pause the compromised smart contract.

In their preliminary incident report on Wednesday morning (UTC), Meta Pool, a platform that helps users earn yield by staking cryptocurrency, confirmed that the attacker exploited one of the smart contracts on the Ethereum (ETH) blockchain, creating 9,705 mpETH tokens as a result. However, the criminal swapped only 52.5 ETH worth of mpETH, a token that is backed by already staked ETH. Initial estimates put the theft even lower, at around $47,000 worth of assets.

In either case, the team claims that all the staked ETH on their platform is safe, while the mpETH smart contract is paused and all transfers are disabled. Additionally, other staking contracts on other networks available on Meta Pool, such as Solana, Internet Computer, NEAR, and others, are said to be unaffected by the exploit. The full scope of the exploit is still being evaluated, while the team also said they're developing an "actionable recovery plan," promising to reimburse all the losses of their users.

The attack was first discovered by security researchers at Blocksec, who helped Meta Pool "move quickly and pause the smart contract, preventing any further unauthorized activity or additional losses."

According to preliminary estimations, the attacker appears to have exploited a critical bug in the mint function to mint, or create, mpETH without depositing actual ETH.

Meanwhile, as criminals continue to hunt for bugs that allow them to exploit crypto protocols or steal funds in other ways, popular blockchain sleuth ZachXBT emphasized earlier today that "the crime supercycle is indeed very real."

Among other things, he also criticized outdated laws that help courts side with smart contract exploiters.

"Can we fix the system if the vast majority of people still do not care unless they lose money?" ZachXBT asked, concluding that "there's never been a worse time to be doing black hat (phishing, social engineering, robberies) vs gray hat activity when the current environment is favorable."
