Meta Pool has confirmed that an exploit on its mpETH (Liquid Stake Ethereum) contract on the Ethereum blockchain resulted in a theft of approximately $47,000.
Key takeaways
- Meta Pool confirmed a $47,000 exploit on its mpETH Ethereum contract caused by unauthorized token minting on their mpETH contract.
- The attack was swiftly contained thanks to early detection, with the contract paused and all transfers disabled to prevent further losses.
- The initial 913 Ethereum staked are not affected, given the contract was paused
- A full investigation is underway, with Meta Pool prioritizing a transparent recovery plan and long-term security.
- The rest of the staking contracts on Aurora, Internet Computer, NEAR, Q, Story and Solana are unaffected.
The attack, which involved the unauthorized minting of tokens through the ERC4626 mint() function, was swiftly detected by security researchers and contained by the founding team.
In an official statement to its community, Meta Pool explained that the exploit occurred earlier in the day and that initial assessments show the attacker was able to create tokens illegitimately, prompting immediate action.
Thanks to the early detection systems in place, the founding team was able to move quickly and pause the smart contract, preventing any further unauthorized activity or additional losses.
The team emphasized that it is currently evaluating the broader impact of the incident across decentralized exchanges (DEXs) and the Optimism (OP) canonical bridge.
As investigations continue, Meta Pool has committed to conducting a full analysis of the attack vector to understand precisely how the vulnerability was exploited.
Resolving the security issue is now a top priority, and developers are actively working on patching the vulnerability to ensure the safety of user funds and system integrity. Alongside the technical efforts of the Blocksec team, Meta Pool is preparing a transparent and actionable recovery plan that it will present to its community once the situation is fully understood.
The goal, according to the team, is to handle the incident responsibly and maintain the trust of its users by being transparent and proactive in its response.
The mpETH contract will remain paused while the investigation and necessary mitigation steps are underway. Meta Pool reiterated that safeguarding its protocol and user assets remains its highest priority and thanked its community for their patience and support during this time.
Users who have questions or concerns are encouraged to open a ticket through Meta Pool’s official Discord server, where the team is reviewing and responding to reports as quickly as possible.
Further updates will be provided as soon as more detailed information becomes available. Meta Pool’s response underscores the growing importance of robust security practices in DeFi, particularly as platforms continue to expand across multiple chains and protocols.
The swift containment of the incident, while unfortunate, demonstrates the value of rapid incident response in minimizing damage and upholding community confidence.
Read the full article here
