Liquidity structure protocol Meta -Pool has suffered a contract -exploit that led to unauthorized token minting and losses of more than $ 133,000.
Meta Pool could contain the incident before further damage was caused, according to a 17 June Blog post.
According to the team, the attack was identified by “early detection systems” and support for blockchain security firm blocksec, which helped them to respond quickly and pause the MPETH contract to “prevent unauthorized activity or extra losses.”
The Meta -Pool team attributed the incident to a vulnerability in the ERC4626 Mint () function of his MPeth contract.
In a separate X afterCo-founder of Meta Pool Claudio Cossio suggested that the attacker may have used the rapid non-stab function of the protocol to bypass the typically unused period and bypass Mint Mpeth without reducing the collateral.
The attackers were able to do 9,705 Mpeth tokens mint, with a value of almost $ 27 million, with the help of an error in Ethereum-based liquid device of the protocol. Due to the limited liquidity in affected Polish, however, the exploor was only able to convert the tokens into 52.5 ETH, with a value of around $ 133,000 at current prices.
The stolen funds were taken from Swappools over the Ethereum Mainstet and Layer 2 networks, including optimism.
Meta Pool said that the Uniswap -Pool was only good for 37.5 ETH in losses, and added that “the majority of this liquidity was supplied by the Meta Pool Dao.”
A complete post-mortem and recovery plan is expected within 48 hours and the protocol has promised to reimburse affected users.
The incident had no influence on the 913 ETH that was initially established by the MPeth contract, which remains protected with SSV network operators. Meta Pool has also confirmed that the stick contracts on Near, Solana, Aurora, Internet Computer, Q and Story remain unaffected.
This month this month marks the second remarkable Defi -exploit. On 6 June, the Bitcoin-based platform Alex Protocol suffered a violation of $ 8.3 million after a vulnerability in his self-lighting verification logic, an attacker enabled to dispose of multiple assetools.
Alex Protocol has since announced a Treasury Grant program to repay affected users in a mix of original tokens and USDC.
