The theft of tokens caused a supply crisis on the Moonriver crypto exchange

​Meter lost $4,4 million to DeFi bridge exploit

08.02.2022 - 11:40

44

2 min

What’s new? The Meter Passport platform’s representatives have reported a loss of $4,4 million on Twitter because of the DeFi bridge exploit. A hacker took advantage of the vulnerability to steal tokens from the platform and then sold them on the Moonriver exchange at an undervalued price. This has led to a supply crisis.

What are the details of the hack? The hackers used a feature on the Meter platform that automatically wraps and unwraps gas tokens such as ETH and BNB for user convenience. However, the contract did not block direct interaction of the wrapped ERC20 tokens for its own gas token and did not verify the correct number of wETH transferred from the callers’ addresses. The extended code had a “wrong trust assumption” that allowed hackers to fake BNB and ETH transfers by calling the underlying ERC20 deposit function.

How did the hacker cause a crisis on Moonriver? The attacker sold the stolen BNB tokens on the decentralized SushiSwap exchange at undervalued prices. This caused BNB prices on Hundred Finance’s Moonriver platform to plummet by 77%. The users then bought cheap tokens and used them to get ETH, FRAX, and MIM credits. However, because of the price discrepancy, their loans were worth more than the collateral, causing a supply crisis. Hundred Finance suffered a loss of $3,3 million.

The Meter team has pledged to reimburse its community and Hundred Finance for the losses incurred as a result of the hack.

Author:

Vasiliy Smirnov Vasiliy Smirnov

Subscribe to Getblock Magazine and stay up to date with the latest news from the world of cryptocurrencies and the digital economy