Latest DeFi Bridge Exploit Leads To $4.4M Losses For Meter

The Meter Passport token

bridge platform

has incurred $4.4 million in losings because of a sensible contract hack which additionally prompted Hundred Finance to lose $3.3 million by means of under-collateralized loans.

Meter.io's Meter Passport (MTRG) is a token bridge that's suitable with Ethereum and its sidechains. This assault affected the Moonriver aspect of the bridge.

Moonriver is a great contract platform based mostly on Polkadot's Kusama community. Hundred Finance is a crypto lending platform based mostly on the code for Compound Finance.

Beginning at 2pm UTC on Feb. 5 and over the course of a number of proceedings, about $4.4 million in Binance Coin (BNB) and wETH had been minted by means of a "improper opinion assumption" inside the code, in accordance with a Feb. 6 statement from the Meter crew. On this case, an capricious amount of ETH was deposited to Meter which the hacker used to mint tokens utilizing the exposure.

1. Round 6am

Pacific time

we recognized mortal was in a position to leverage a exposure of the bridge to mint a sizeable amount of BNB and WETH tokens and depleted the bridge reserve for BNB on WETH.

— ⚡️Meter.io⚡️ (@Meter_IO) February 5, 2022

The assault prompted a

cascade impact

throughout the Kusama-based Moonriver ecosystem. After exhausting Meter of its BNB and wETH reserves, the assailant bought the BNB on SushiSwap, a preferred decentralized trade. This led to a 77% crash inside the value of BNB on Moonriver on the time.

A lot of opportunists then took benefit of the value dip by shopping for low-cost BNB. They used the tokens as collateral on Hundred Finance so as to take out FRAX and MIM stablecoin loans. Because of the discrepancy in BNB value, nonetheless, their loans had been value greater than the collateral that they had supplied, inflicting a provide disaster.

2/4. Accounts had been in a position to buy BNB.bsc at a diminished value and use these tokens as collateral on the world Chainlink value to adopt uncompromised holding on our platform. Of those, MIM and FRAX are now impacted.

— Hundred Finance (@HundredFinance) February 6, 2022

Amazingly, two of the loans had been repaid, going an first-class $3.3 million in losings to the Hundred protocol. The Hundred crew has tried to succeed in bent on the events concerned to ask that they return the BNB tokens used as collateral to Meter.

The Meter crew has dedicated to reimbursing its group and Hundred Finance for losings incurred as a result of hack. The crew expressed on Feb. 6 that it had put aside $4.4 million in MTRG tokens to cowl preliminary losings.

"Vfat", the named introduction father of Hundred Finance, mentioned in an announcement to Rekt Information on Feb. 6 that:

"Meter have after all accepted duty for this hack and are intending to make use of their native token for reimbursement to the extent that they will, now we're inside the gathering addresses and quantities stage."

The blockchain safety agency PeckShield estimated that in whole, 1,391 ETH and a pair of.74 wBTC had been taken by the assailant and have since been despatched to Ethereum the place the tokens have gone by means of Twister Money, an ETH proceedings privateness device.

The Hundred Finance crew has not but responded to a request for remark.

The preliminary particulars of the exploit of Meter's code resemble the Wormhole hack Feb. 3 through which 120,000 wETH ($321 million) had been maliciously minted and extracted from Wormhole's platform. In that incident, the hacker exploited a sensible contract bug to mint wETH at will and despatched the tokens to Ethereum, the place they had been washed through Twister Money.