Analysts have discovered a vulnerability in the staking platform Meta Pool
The project’s team stopped the work of one of the contracts to fix the bug
17.06.2025 - 15:15
494
2 min
0
What’s new? Experts from cybersecurity company PeckShield have reached out to the team of multi-chain liquid staking platform Meta Pool with information about the discovered vulnerability. On their X page, the experts warned that a critical bug in the platform’s staking contract allows for the free issuance of mpETH coins, which are made available to users after the original ETH is blocked in staking.
What else is known? In particular, PeckShield detected a suspicious transaction in which an unknown user minted more than 9700 mpETH for free, valued at around $27 million. At the same time, the low liquidity of the asset limited the profit from the transaction to only 10 ETH.
Meta Pool later confirmed an attack on the mpETH contract on the Ethereum network, which allowed unauthorized minting of the asset via the mint function.
Thanks to early detection, the team promptly halted the contract and prevented further damage.
The project’s team has already started studying the potential impact of the exploit on various decentralized crypto exchanges (DEXs) and cross-chain protocols. It is also investigating the attack vector, working on fixing the vulnerability, and preparing a further action plan for the community.
Stablecoin volume on the Ethereum blockchain hits record at $908 billion
The criminal funds were moving on the Ethereum and TRON networks
Run by a decentralized autonomous organization (DAO), the Meta Pool platform allows NEAR, ETH, SOL, AURORA, and Q tokens to be placed into staking. It provides users with staking rewards and liquid staking tokens that can be used in DeFi protocols to generate additional yields while the original coins are blocked.
The project successfully passed an audit by IS firm BlockSec in February 2022.
Earlier this month, leading centralized crypto exchange (CEX) MEXC launched a $100 million fund to compensate customers in the event of a hack or outage.
Useful material?
Telegram 
Twitter Incidents
Developers warned of potential risks to bridges across the ecosystem and asked exchanges for assistance.
Jun 22, 2026
Incidents
The defendant helped move funds stolen through investment scams and earned at least $4 million for his role in the operation.
Jun 10, 2026
Incidents
The company is linking the incident to a compromised private key on a service wallet, rather than a smart contract exploit
May 22, 2026
Incidents
Following the incident, the project temporarily halted trading operations and node activity.
May 15, 2026
Incidents
The user spent weeks unsuccessfully trying to guess the password until Claude helped find an old wallet backup file
May 14, 2026
Crypto regulations
Authorities are introducing mandatory registration for companies handling cross-border crypto transactions
May 8, 2026
Cryptocurrency rates
-
Bitcoin
$62 706
BTC
-3.56%
-
Ethereum
$2 551.16
ETH
+3.56%
-
BNB Smart Chain
$579.4
BSC
+1.23%
-
Ripple
$1.11
XRP
-4.05%
-
TRON
$0.160134
TRX
-1.59%
-
Dogecoin
$0.07963
DOGE
-5.56%
-
Zcash
$423.98
ZEC
-7.33%
-
Stellar XLM
$0.194092
XLM
-8.97%
-
Cardano
$0.151832
ADA
-5.89%
-
Polkadot
$3.32
DOT
+5.27%