Meta Pool fended off an attack on $27 million with a loss of only nearly $133,000

Multi-chain liquid staking ecosystem Meta Pool reported an attempted hacker attack that resulted in an attacker being able to illegally create nearly $27 million worth of mpETH tokens статьи( )примерно.

The attack was carried out due to a vulnerability in the fast unstake functionality — a quick withdrawal of staking assets, which allows users to avoid the usual waiting period before transferring coins. It was this feature that allowed the hacker to exploit a critical vulnerability and generate a large amount of mpETH tokens for free.

The company PeckShield, which specializes in blockchain security, confirmed:

After the illegal issuance of mpETH, the hacker attempted to exchange them for Ethereum assets, using liquidity pools on Ethereum and Optimism. He was able to withdraw only 52.5 ETH, as most of the pools had low liquidity.

Meta Pool promised to "compensate for all assets lost as a result of the incident."

Let us remind you that the incident with Meta Pool was part of a broader wave of attacks on DeFi protocols. The exchange BitoPro (Taiwan) confirmed a loss of over $11.5 million due to the hacking of hot wallets on May 8.

On June 6, the Alex Protocol platform based on the Stacks blockchain lost $8.3 million due to a bug in the self-listing mechanism of assets.