Another blockchain infrastructure platform has fallen victim to hackers, the third such attack in recent weeks. This time Meter, a blockchain infrastructure provider, was attacked and saw more than $4.3 million stolen.
Meter allows smart contracts to scale and travel through heterogeneous blockchain networks, including Ethereum. Around 2 p.m. on Saturday afternoon, this DeFi infrastructure announced it was hacked and urged users not to trade unbacked meterBNB circulating on Moonriver.
“Around 6 a.m., we noticed someone was able to utilize a weakness of the bridge to mint a significant volume of BNB and WETH tokens and emptied the bridge reserve for BNB on WETH,” the DeFi infrastructure provider said.
Hackers Exploit Platform’s Weakness
According to Meter, it has suspended all bridge transactions immediately and launched an investigation. “We identified the problem as a fault in the automated wrap of native tokens like BNB and Ethereum,” it said.
Meter is a DeFi infrastructure that uses the $MTR cryptocurrency, a crypto-native, metastable form of currency. It regulates the blockchain ledger built on HotStuff-based Proof-of-Stake consensus using $MTRG, the Meter governance token. Meter is a highly decentralized, high-performance Ethereum side chain constructed on top of the Ethereum blockchain.
The cyberattack impacted both the Meter and Moonriver communities and the public. According to PeckShield, a blockchain research service, the breach resulted in the loss of 1391 ETH and 2.74 BTC.
Meter said it has identified the source of the problem: a passport that includes a function that automatically wraps and unwraps gas tokens such as ETH and BNB.
The @Meter_IO is hacked with the loss of $~4.3M (including 1391.24945169 ETH + 2.74068396 BTC). The extension over the original (unaffected) ChainBridge introduces a false deposit issue !!! https://t.co/YShfXnEZzD pic.twitter.com/oY6bpau8DA
— PeckShield Inc. (@peckshield) February 6, 2022
The contract did not prevent direct interaction between wrapped ERC20 tokens and the native gas token, nor did it properly transfer and verify the correct amount of WETH from the caller’s address, Meter explained, adding that it is working on compensating all affected users.
Faulty Trust Assumption
According to official reports, a bug found in the Meter team’s automated wrap of native currencies such as BNB and ETH caused all bridge transactions to be halted at 6 p.m. The hacker generated fictitious BNB and ETH transfers by calling the underlying ERC20 deposit function directly, which was possible because the code had an erroneous trust assumption.
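The trust assumption described above can be shown with a small model. This is an added example, not Meter's or ChainBridge's contract code; the class, method and account names are hypothetical. It contrasts a deposit handler that trusts the wrap path with one that always pulls and verifies the caller's tokens, and includes the backing invariant a monitor would check.

```python
# Constructed model; all names are hypothetical, not Meter's contract code.
class Token:
    def __init__(self):
        self.balances = {}

    def mint(self, owner, amount):
        self.balances[owner] = self.balances.get(owner, 0) + amount

    def transfer_from(self, src, dst, amount):
        if amount <= 0 or self.balances.get(src, 0) < amount:
            raise ValueError("transfer not covered by caller's balance")
        self.balances[src] -= amount
        self.mint(dst, amount)


class Bridge:
    """Toy bridge: a native-token wrap path plus a generic ERC20 deposit path."""
    VAULT = "bridge-vault"

    def __init__(self, wrapped, trust_wrap_path):
        self.wrapped = wrapped                  # wrapped native token, e.g. WETH
        self.trust_wrap_path = trust_wrap_path  # True models the faulty assumption
        self.recorded = 0                       # amount relayers would mint remotely

    def deposit_native(self, value):
        self.wrapped.mint(self.VAULT, value)    # bridge wraps the native payment
        self.recorded += value

    def deposit_erc20(self, token, caller, amount):
        if token is self.wrapped and self.trust_wrap_path:
            pass  # assumes deposit_native already funded the vault; collects nothing
        else:
            token.transfer_from(caller, self.VAULT, amount)  # pull and verify funds
        self.recorded += amount

    def unbacked(self):
        # Monitoring invariant: recorded deposits must not exceed vault holdings.
        return self.recorded - self.wrapped.balances.get(self.VAULT, 0)


def run(trust_wrap_path):
    weth = Token()
    bridge = Bridge(weth, trust_wrap_path)
    bridge.deposit_native(5)  # honest, fully backed deposit
    try:
        bridge.deposit_erc20(weth, "caller-without-weth", 1000)
    except ValueError:
        return "rejected", bridge.unbacked()
    return "recorded", bridge.unbacked()
```

With the trusting handler the model records a deposit that no tokens back; with the verifying handler the same call is rejected and the invariant stays at zero.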
Company officials are now collaborating with law enforcement and claim to have uncovered early evidence about the hacker. They are pleading with the attacker to return the stolen funds.
Liquidity providers that supply WETH and BNB liquidity are strongly advised to remove their assets from the pool and wait for further announcements from the Meter team.