June 23, 2025

Meta Pool Exploited for $27M, But Hacker Gets Only $132K

Resistance Manual Journalist June 18, 2025
Meta Pool Exploited for $27M, But Hacker Gets Only $132K

Meta Pool Exploited for $27M, But Hacker Gets Only $132K

Meta Pool Hit With $27M Exploit — Attacker Escapes With Only $132K

Meta Pool narrowly avoided a massive loss after a hacker exploited its smart contract to mint nearly $27 million worth of tokens — but was only able to steal around $132,000 due to low liquidity and swift protocol action.

In a June 11 blog post, the liquid staking platform said its early detection systems caught the suspicious activity quickly, allowing the team to pause the affected contract before further damage occurred.

The attacker minted 9,705 mpETH (Meta Pool’s liquid staking token) using a flawed smart contract function. However, they were only able to withdraw 52.5 ETH from liquidity pools before the exploit was shut down.

Hacker Exploited Fast Unstake Function

Meta Pool co-founder Claudio Cossio explained in an X post that the attacker abused the protocol’s “fast unstake” feature, also known as flash unstaking. This function typically bypasses the usual withdrawal delay, letting users convert staked ETH into mpETH instantly under specific conditions.

Security firm PeckShield flagged the issue, identifying a critical bug in the ERC-4626 mint() function. The flaw allowed the attacker to mint mpETH for free — but the low liquidity of mpETH severely limited their ability to cash out.

Source: Meta Pool 

Exploiter Drained Swap Pools

After minting the tokens, the attacker drained 52.5 ETH from several swap pools across Ethereum and Optimism. Meta Pool said the affected pools had low volume and liquidity, which helped reduce the scale of the exploit.

“All staked Ethereum remains safe,” the Meta Pool team assured users, adding that validator duties continue through the SSV Network, which secures the staked assets.

The mpETH contract remains paused as the team investigates further.

Full Post-Mortem and Reimbursement Incoming

Meta Pool announced that a detailed post-mortem and recovery plan will be published within two days. The protocol has committed to reimbursing all affected users and making them whole.

Wave of Recent Crypto Exploits

Meta Pool is the latest in a string of recent DeFi exploits:

  • Alex Protocol, built on Bitcoin’s Stacks network, lost $8.3 million on June 6 due to a bug in its self-listing logic.
  • BitoPro, a Taiwan-based crypto exchange, confirmed an $11.5 million breach on June 2 tied to a May hot wallet hack.

More Stories

Nakamoto Holdings Raises $51.5M to Expand Bitcoin Treasury Strategy

Nakamoto Holdings Raises $51.5M to Expand Bitcoin Treasury Strategy

Resistance Manual Journalist June 22, 2025
ARK Invest Sells $146M in Circle Shares Amid CRCL Stock Surge

ARK Invest Sells $146M in Circle Shares Amid CRCL Stock Surge

Resistance Manual Journalist June 22, 2025
Norway Considers Crypto Mining Ban Amid Energy Concerns

Norway Crypto Considers Mining Ban Amid Energy Concerns

Resistance Manual Journalist June 21, 2025

Don’t miss the stories!

Nakamoto Holdings Raises $51.5M to Expand Bitcoin Treasury Strategy

Nakamoto Holdings Raises $51.5M to Expand Bitcoin Treasury Strategy

Resistance Manual Journalist June 22, 2025
ARK Invest Sells $146M in Circle Shares Amid CRCL Stock Surge

ARK Invest Sells $146M in Circle Shares Amid CRCL Stock Surge

Resistance Manual Journalist June 22, 2025
Norway Considers Crypto Mining Ban Amid Energy Concerns

Norway Crypto Considers Mining Ban Amid Energy Concerns

Resistance Manual Journalist June 21, 2025
Reddit May Adopt Worldcoin Iris Scanners for User Verification

Reddit May Adopt Worldcoin Iris Scanners for User Verification

Resistance Manual Journalist June 21, 2025
Iran Imposes Crypto Curfew After $100M Nobitex Hack

Iran Imposes Crypto Curfew After $100M Nobitex Hack

Resistance Manual Journalist June 19, 2025