Meter lost $4,4 million to DeFi bridge exploit
The theft of tokens caused a supply crisis on the Moonriver crypto exchange

08.02.2022 - 11:40
114
2 min
0
What’s new? The Meter Passport platform’s representatives have reported a loss of $4,4 million on Twitter because of the DeFi bridge exploit. A hacker took advantage of the vulnerability to steal tokens from the platform and then sold them on the Moonriver exchange at an undervalued price. This has led to a supply crisis.
1. Around 6am Pacific time we identified someone was able to leverage a vulnerability of the bridge to mint a large amount of BNB and WETH tokens and depleted the bridge reserve for BNB on WETH.— ⚡️Meter.io⚡️ (@Meter_IO) February 5, 2022
What are the details of the hack? The hackers used a feature on the Meter platform that automatically wraps and unwraps gas tokens such as ETH and BNB for user convenience. However, the contract did not block direct interaction of the wrapped ERC20 tokens for its own gas token and did not verify the correct number of wETH transferred from the callers’ addresses. The extended code had a “wrong trust assumption” that allowed hackers to fake BNB and ETH transfers by calling the underlying ERC20 deposit function.
How did the hacker cause a crisis on Moonriver? The attacker sold the stolen BNB tokens on the decentralized SushiSwap exchange at undervalued prices. This caused BNB prices on Hundred Finance’s Moonriver platform to plummet by 77%. The users then bought cheap tokens and used them to get ETH, FRAX, and MIM credits. However, because of the price discrepancy, their loans were worth more than the collateral, causing a supply crisis. Hundred Finance suffered a loss of $3,3 million.
The Meter team has pledged to reimburse its community and Hundred Finance for the losses incurred as a result of the hack.
Useful material?
Incidents
The attacker conducted a flash loan attack by exploiting vulnerabilities in the protocol.
Jul 21, 2023
Market
The former CEO of the exchange discussed building a bunker and conducting genetic experiments with his younger brother
Jul 21, 2023
Incidents
Hayden Adams restored the account nine hours later
Jul 21, 2023
Market
Chainlink CEO Sergey Nazarov predicted the growth of the blockchain industry by trillions of dollars
Jul 20, 2023
Market
The company stopped accepting bitcoin payments in May 2021
Jul 20, 2023
Politics
The bill is designed “to fight the rise in crypto-facilitated crime”
Jul 20, 2023