Meter lost $4,4 million to DeFi bridge exploit
The theft of tokens caused a supply crisis on the Moonriver crypto exchange

08.02.2022 - 11:40
287
2 min
0
What’s new? The Meter Passport platform’s representatives have reported a loss of $4,4 million on Twitter because of the DeFi bridge exploit. A hacker took advantage of the vulnerability to steal tokens from the platform and then sold them on the Moonriver exchange at an undervalued price. This has led to a supply crisis.
1. Around 6am Pacific time we identified someone was able to leverage a vulnerability of the bridge to mint a large amount of BNB and WETH tokens and depleted the bridge reserve for BNB on WETH.— ⚡️Meter.io⚡️ (@Meter_IO) February 5, 2022
What are the details of the hack? The hackers used a feature on the Meter platform that automatically wraps and unwraps gas tokens such as ETH and BNB for user convenience. However, the contract did not block direct interaction of the wrapped ERC20 tokens for its own gas token and did not verify the correct number of wETH transferred from the callers’ addresses. The extended code had a “wrong trust assumption” that allowed hackers to fake BNB and ETH transfers by calling the underlying ERC20 deposit function.
How did the hacker cause a crisis on Moonriver? The attacker sold the stolen BNB tokens on the decentralized SushiSwap exchange at undervalued prices. This caused BNB prices on Hundred Finance’s Moonriver platform to plummet by 77%. The users then bought cheap tokens and used them to get ETH, FRAX, and MIM credits. However, because of the price discrepancy, their loans were worth more than the collateral, causing a supply crisis. Hundred Finance suffered a loss of $3,3 million.
The Meter team has pledged to reimburse its community and Hundred Finance for the losses incurred as a result of the hack.
Useful material?
Crypto regulations
Under the new law, no cryptocurrency reserve can be created at the state level
Jun 11, 2025
Mining
This is the 300th block mined within this pool
Jun 5, 2025
Incidents
The marketplace started operating in 2022 and allowed trading in stolen personal data
Jun 5, 2025
Incidents
Hackers laundered assets using Tornado Cash, Thorchain, and Wasabi mixers
Jun 2, 2025
Market
After June 30, fines and prison sentences will be imposed for violating the rules
Jun 2, 2025
Crypto regulations
He also stated the country’s aspiration to become a Eurasian IT hub
May 29, 2025