A recent attack on the crypto protocol Meta Pool resulted in the theft of only a small amount, despite potential losses amounting to $27 million. The circumstances of the attack are detailed in a blog post from the Meta Pool team.
Attack Details on Meta Pool
The attacker was able to mint 9,705 mpETH tokens worth nearly $27 million, but only managed to steal around 52.5 ETH, equivalent to over $132,000 from liquidity swap pools.
Exploitation of Fast Unstake Function
Meta Pool co-founder Claudio Cossio reported that the hacker exploited a fast unstake functionality, allowing them to mint thousands of mpETH tokens. Normally, after unstaking crypto, there is a waiting period, but with fast unstaking, this period is waived under certain conditions.
Security Conditions and Future Plans
The Meta Pool team assures that all staked Ethereum is safe and that they plan to reimburse users for the losses incurred due to this attack. The affected mpETH contract will remain paused while the investigation continues.
The attack on Meta Pool highlights vulnerabilities in crypto protocols, despite successful measures to prevent larger losses. A full post-mortem of the incident and recovery plans are expected in the coming days.
