One of the crypto predictions for 2022 last year was that attacks on decentralized finance (DeFi) projects would increase and there would be significant losses. It seems that at the beginning of the year, this prediction is starting to come true. The DeFi altcoin project called MeterIO was hacked and suffered a loss of $4.3 million due to the stolen cryptocurrencies, although the exact amount cannot be specified due to the increasing volatility in the market. Computer hackers managed to steal 1,391 ETH and 2.7 BTC by exploiting a vulnerability. For details, continue reading Kriptokoin.com.
Details of MeterIO hack and stolen cryptocurrencies
As you know, MeterIO pretty well copies the ChainSwap cross-chain hub technology or is just a fork of it. But Meter developers have created some differences. The main difference brought by the developers is the change in the deposit method of the ERC20 handler.
The change is based on the assumption that a wrapped native token, the bridged token, will not be burned or locked because the wrapped token is not already unwrapped. The specified line of code assumes the bridged token is a wrapped native token, so it shouldn’t be burned or locked. PeckShield, a blockchain security company that aims to improve the security, privacy and usability of the entire Blockchain ecosystem, shared the following regarding the latest attack:
MeterIO was hacked and lost approximately $4.3 million (including 1391.24945169 ETH + 2.74068396 BTC). The extension on the original (unaffected) ChainBridge is causing an incorrect deposit issue.
The following explanations are made by experts regarding how the hack was carried out. The assumption only works as intended for one of the deposit methods, but does not work properly for another method of depositing funds into the contract associated with the WETH deposit address. The hacker noticed the non-compliance in the contract and sent the required amount as search data and took control of the funds he shouldn’t have.
The Meter case isn’t the first in the cross-chain industry where one of the largest Solana-Ethereum bridges has faced a security vulnerability that has resulted in a $320 loss of cryptocurrencies. According to the statements, Wormhole problems were caused by a major bug in Solana’s kernel, which was fixed in version 1.9. But because some contracts were running on older versions of the network, hackers were able to exploit the bug and steal users’ money, which was later returned 1:1 by investors.