On June 17, 2025, Meta Pool, a liquid staking platform on the Ethereum Community, suffered an exploit that It resulted within the subtraction of roughly 52.5 Ether (ETH) of its liquidity change swimming pools (roughly 132 thousand {dollars}).
The assault, detected by safety researchers and content material by the Meta Pool improvement group, He introduced vulnerabilities in his token mpeth contractused to facilitate liquid staking in Ethereum. In the intervening time, the Mpeth contract might be suspended “whereas the required analysis and mitigation measures are carried out.” That’s, transfers are disabled.
The exploit concerned the unauthorized creation of 9,705 tokens Mpeth, an asset that represents Ether wager on the ending platform Pool.
In response to the corporate’s preliminary report, the assault was carried out by means of the operate mint (Print) of the ERC-4626 normal, a protocol that defines how clever contracts handle deposited belongings, as within the case of liquid staking.
This mechanism permits customers deposit Ether in a contract and obtain tokens They characterize their participation, which could be negotiated or utilized in different decentralized finance purposes (DEFI) with out the necessity to withdraw the unique funds.
Within the case of Meta Pool, the operate mintwhich needs to be protected in opposition to unauthorized accesses, It was manipulated to generate MPETH with out depositing the corresponding ether.
Meta Pool group, in collaboration with Blocksec safety agency, achieved comprise the assault And he assured that Staking Funds, delegates to operators of the SSV Community community, stay intact. These operators are liable for validating blocks within the Ethereum principal community, producing staking rewards that profit the customers of the platform.
Moreover, from the corporate they identified that “all customers affected by this exploit might be fully compensated and reimburse the belongings misplaced by this incident.”
In the end, Meta Pool has promised to publish a full report (autopsy) Within the subsequent 48 hours, detailing the causes of the exploit and the measures to forestall future incidents.
