Meter protocol has been hacked and lost $4.4 million.
Meter is a protocol that offers a transaction service, generally known as “bridge.” Meter is very similar to a passport, in reality, it enables funds to be transferred between six distinct blockchains: Ethereum (ETH), Avalanche (AVAX), Meter (MTR), Binance Smart Chain (BSC), Moonriver (MOVR), Theta (THETA), and Moonbeam (GLMR).
But on Sunday, February 6 around 3 p.m., the Meter protocol was attacked.
In total, the attacker stole $4.4 million in ETH and BNB.
After identifying the incident, Meter crews quickly paused the bridge. A patch was subsequently released.
Because of a weakness in the bridge, the attacker was able to invoke the ERC-20 deposit function and fake a deposit of BNB and ETH. This allowed it to mint a considerable quantity of BNB and wETH while draining the protocol’s ETH and BNB reserves.
Meter began as a fork of the ChainBridge protocol. Several contracts, however, have been modified. The flaw was introduced as a result of these adjustments.
The attacker to hide his footprints after the attack, routed the payments through the TornadoCash protocol.
Meter’s staff were able to quickly uncover multiple leads pointing to the attacker. The latter are actively collaborating with law enforcement to catch the hacker.
At the same time, the teams must take a snapshot in order to create a compensation plan. However, the latter’s specifics have yet to be published.
Meter has also contacted audit firms to verify the contracts for version 1.5 of its bridge.
For the first time, we’re dealing with a protocol that decided to audit its contracts after being the target of an attack. For the DeFi ecosystem to thrive, protocols must be more proactive in terms of security, auditing contracts before deploying them in production.
Bridge and cross-chain protocol hacks have been on the rise for several months. This was predicted by Vitalik Buterin at the start of January. This highlighted the systemic risk that cross-chain protocols entail.