DeFi infrastructure company Meter lost about $4.3 million in Bitcoin and Ethereum in a hack.
Community, unfortunately Meter Passport was hacked a few hours ago. Please do not trade the unbacked meterBNB that is circulating on Moonriver.
We have identified the issue: Passport has a feature to automatically wrap and unwrap gas tokens like ETH and BNB for user convenience.
— ⚡️Meter.io⚡️ (@Meter_IO) February 5, 2022
According to PeckShield specialists, the damage amounted to 1391 ETH and 2.74 BTC. Meter confirmed the hack.
The @Meter_IO is hacked with the loss of $~4.3M (including 1391.24945169 ETH + 2.74068396 BTC). The extension over the original (unaffected) ChainBridge introduces a false deposit issue !!! https://t.co/YShfXnEZzD pic.twitter.com/oY6bpau8DA
— PeckShield Inc. (@peckshield) February 6, 2022
The attacker took advantage of a vulnerability in the automatic “unpacking” of gas tokens in the protocol, such as ETH and BNB.
“We have identified the issue: Passport has a feature to automatically wrap and unwrap gas tokens like ETH and BNB for user convenience.
However the contract did not block direct interaction of the wrapped ERC20 tokens for the native gas token and did not properly transfer and verify the correct number of WETH transferred from the callers’ address. We are working on compensating funds to all affected users.”
Based in Palo Alto, California, USA, Meter provides a smart contract interconnection service for DeFi.
The company said that they restored their cross-chain bridge, updated smart contracts.
“First and foremost, we want to thank our entire community and each one of our partners for their incredible support over the last 48 hours as we navigated the exploit on our bridge. We are happy to announce that we have upgraded our smart contracts and Passport is back online!”
The team says they have engaged a third-party auditor for the protocol code:
“We have engaged security audit firms for passport v1.5, which will be released soon. It will come with enhanced security and significantly lower fees.”
To compensate victims, the firm reserved $4.4 million in MTRG tokens.
“We’ve set aside $4.4M of MTRG based on today’s price.”
Follow Us on Twitter and Facebook.
Disclaimer: This content is informational and should not be considered financial advice. The views expressed in this article may include the author's personal opinions and do not reflect The Crypto Basic’s opinion. Readers are encouraged to do thorough research before making any investment decisions. The Crypto Basic is not responsible for any financial losses.