Meta Pool Hacker Steals 52.5 ETH Despite Quick Response

A hacker recently attempted to exploit the crypto protocol MetaMETA-- Pool, managing to mintMIMI-- 9,705 tokens worth nearly $27 million. However, due to low liquidity and the swift response of Meta Pool's early detection systems, the attacker was only able to steal approximately 52.5 Ether (ETH), valued at just over $132,000. The attack targeted the protocol's "fast unstake" functionality, which allowed the hacker to mint a large number of mpETH tokens without the usual waiting period. This vulnerability was exacerbated by a critical bug in the staking contract, enabling the unauthorized minting of tokens. Despite the exploit, the Meta Pool team was able to pause the affected contract quickly, preventing further unauthorized activity and additional losses.

The attacker used the minted mpETH tokens to drain several Ethereum mainnet and Optimism pools, but the low liquidity in some of these pools limited the overall impact. Meta Pool assured users that all Ethereum staked in the SSV Network operators remained safe and continued to accrue staking rewards. The team is expected to release a full post-mortem of the incident within the next two days, along with a recovery plan. In the meantime, the affected mpETH contract will remain paused while the investigation continues.

Meta Pool has committed to reimbursing the assets lost in this incident and ensuring that users are made whole. This exploit highlights the ongoing challenges faced by crypto protocols in securing their systems against sophisticated attacks. The incident serves as a reminder of the importance of robust security measures and the need for continuous monitoring and quick response mechanisms to mitigate potential losses.