Hacker Exploits Meta Pool Protocol, Steals 52.5 ETH

A hacker recently attempted to exploit the crypto protocol Meta Pool, managing to mint 9,705 tokens worth nearly $27 million. However, due to low liquidity and the swift response of Meta Pool's early detection systems, the attacker was only able to steal approximately 52.5 Ether (ETH), valued at just over $132,000. The attack targeted the protocol's "fast unstake" functionality, which allows for the immediate transfer of unstaked crypto under specific conditions. This vulnerability enabled the hacker to mint mpETH tokens without the usual waiting period.

Meta Pool's co-founder, Claudio Cossio, confirmed the exploit in a post, detailing how the hacker took advantage of a critical bug in the staking contract. The low liquidity of mpETH limited the attacker's potential profit, as they were only able to drain 52.5 ETH from the swap pools. The affected pools included several on the Ethereum mainnet and Optimism, with one Optimism pool noted for its low liquidity and volume. Despite the incident, Meta Pool assured users that all Ethereum staked remains safe and is being validated by the SSV Network operators.

The Meta Pool team is expected to release a full post-mortem of the incident within the next two days, along with a recovery plan. The affected mpETH contract will remain paused during the investigation. Meta Pool has committed to reimbursing the assets lost in the incident and ensuring that users are made whole. This incident highlights the ongoing challenges faced by crypto protocols in securing their systems against exploits, as similar incidents have affected other platforms.