The recent incident involving an exploit on Meta Pool has drawn attention in the DeFi community. While the potential loss was significant, the actual theft was much lower.
Incident Details
On Tuesday, October 10, Meta Pool reported a theft attempt where the hacker exploited the 'fast unstake functionality' to mint 9,705 mpETH tokens valued at nearly $27 million. However, due to limited liquidity and swift team action, the hacker managed to convert only a fraction of these tokens into 52.5 ETH, worth just over $132,000.
Vulnerability in the Contract
According to blockchain security firm PeckShield, the vulnerability arose from a critical bug in the staking contract's ERC4626 mint() function. This flaw allowed the attacker to mint mpETH tokens without any cost. However, due to the low liquidity of mpETH, the hacker's ability to convert the minted tokens into ETH was significantly limited.
Rising Exploit Cases in DeFi
The Meta Pool incident is part of a growing trend of exploit cases on DeFi platforms this month. For instance, on June 6, Bitcoin-based platform Alex Protocol lost $8.3 million due to a self-listing flaw, and Taiwan-based exchange BitoPro reported an $11.5 million hot wallet breach from May 8. These events highlight the need for rigorous security protocols in DeFi.
The Meta Pool incident serves as a reminder of the critical importance of security in the DeFi space. Despite securing users' assets in this case, the risks in the industry remain, necessitating stricter safety measures.
