“We have detected the problem: Passport has a function that allows users to easily wrap and unwrap gas tokens such as ETH and BNB. Nevertheless, the contract did not prevent direct contact between the wrapped ERC20 tokens and the native gas token, nor did it correctly transmit and validate the right amount of WETH from the callers’ address. The firm said it is now working on reimbursing all impacted users. By 6 p.m., Meter had halted all bridge transactions and determined that the problem was caused by a flaw “created in the automatic wrap and wrap of indigenous tokens such as BNB and ETH enhanced by the Meter team.”
As per Meter, the expanded code had a “mistake in trust” that enabled the hacker to create bogus BNB and ETH remittances by “activating the underlying ERC20 deposit mechanism. They are collaborating with police and claim to have discovered “early evidence of the hacker,” pleading with the perpetrator to refund the stolen funds. According to reports, compensation arrangements are being developed for customers who own WETH and BNB, and also the “providers of liquidity.” We strongly encourage any liquidity providers who offer liquidity using WETH and BNB to withdraw from the pool and await further communication from the Meter team.
The @Meter_IO is hacked with the loss of $~4.3M (including 1391.24945169 ETH + 2.74068396 BTC). The extension over the original (unaffected) ChainBridge introduces a false deposit issue !!! https://t.co/YShfXnEZzD pic.twitter.com/oY6bpau8DA
— PeckShield Inc. (@peckshield) February 6, 2022
Community, unfortunately Meter Passport was hacked a few hours ago. Please do not trade the unbacked meterBNB that is circulating on Moonriver.
We have identified the issue: Passport has a feature to automatically wrap and unwrap gas tokens like ETH and BNB for user convenience.
— ⚡️Meter.io⚡️ (@Meter_IO) February 5, 2022
Please refrain from dealing in these currency pairings as well,” the company elaborated. A total of $324 million was stolen on Wednesday via the widely used decentralized cross-chain message transmission mechanism, Wormhole. Researchers discovered proof of an 80,000 ETH transaction from Wormhole, and also a hacker selling another 40,000 ETH on Solana.
Community, we really appreciate everyone’s patience and support as we work to get back up and running after this morning’s exploit.
We have detailed everything in the below thread:
— ⚡️Meter.io⚡️ (@Meter_IO) February 5, 2022
They have given the hacker $10 million in exchange for the money restoration and the same sum to anybody who can reveal details “resulting in the trial and imprisonment of those liable for the breach.” Five days prior to the Wormhole attack, Qubit Finance, a DeFi protocol, came to Twitter to plead with hackers to recover over $80 million that had been taken from them.
We are working on taking a snapshot from before the attack & will convert the original BNB & WETH to 1:1 their values in MTRG, the rest inflated BNB & WETH will be converted based on the hacker stolen value from the LP pools.
We’ve set aside $4.4M of MTRG based on today’s price.
— ⚡️Meter.io⚡️ (@Meter_IO) February 5, 2022
Okay this is too interesting to stay away. Looks like the wormhole exploiter is wrecking havoc on the solana side too.https://t.co/s3mfQvlGvU pic.twitter.com/vRKDFKZLDi
— Robot Dad (@0xB07DAD) February 2, 2022
The new intrusions are the latest in a series of assaults against DeFi and blockchain platforms over the past year. Chainalysis stated that in 2021, a minimum of $2.2 billion was directly stolen from DeFi protocols. Poly Network’s platform was robbed of $611 million in August, while Bitmart recorded a loss of $196 million at the start of December.