Crypto Firm Meter Loses $4.4m in Cyber-Heist
Yet another cryptocurrency firm has been hacked to the tune of millions of dollars.
Meter provides decentralized finance (DeFi) infrastructure services, linking siloed blockchains for users with so-called “cross-chain bridges.”
Over the weekend, it revealed that an unauthorized intruder had managed to exploit a bridge vulnerability to mint a large number of Binance Coins (BNB) and wrapped Ethereum (WETH), while running down its reserves.
After halting bridge transactions immediately, the firm investigated the source of the bug.
“The extended code had a wrong trust assumption which allowed hacker to call the underlying ERC20 deposit function to fake an BNB or ETH transfer,” it explained on Twitter.
“The only impacted tokens were native gas tokens (WETH and BNB), and only Meter and Moonriver networks were impacted.”
Meter admitted it lost $4.4m in the raid but said it would compensate those affected while working with the authorities to trace its attacker.
“We urge all the liquidity providers that provide liquidity involving WETH and BNB to remove liquidity from the pool and wait for an additional announcement from the Meter team,” it added. “Please try avoid trading in these pairs as well.”
Meter urged the hacker to return the funds but has not publicly offered its assailant a bug bounty reward for their safe return, as did two other crypto firms compromised last week.
DeFi provider Quibit Finance proffered a reward of $2m to its attackers and a promise not to press charges after they made off with $80m.
Then a few days later, another cross-chain bridge provider, Wormhole, lost an estimated $322m after attackers stole 120,000 ETH. This time it offered a staggering $10m to the hacker.
A few days later, proprietary trading firm Jump Trading said it replenished those funds “to make community members whole and support Wormhole now as it continues to develop.”
More Stories
ForgeRock, Double Secret Octopus offer passwordless authentication for enterprises
ForegeRock is adding a new passwordless authentication capability, called Enterprise Connect Passwordless, to its flagship Identity Platform product to help...
ForgeRock, Secret Double Octopus offer passwordless authentication for enterprises
ForegeRock is adding a new passwordless authentication capability, called Enterprise Connect Passwordless, to its flagship Identity Platform product to help...
Mispadu Trojan Steals 90,000+ Banking Credentials From Latin American Victims
These included a number of government websites: 105 in Chile, 431 in Mexico and 265 in Peru Read More
KillNet Group Uses DDoS Attacks Against Azure-Based Healthcare Apps
Microsoft said it saw between 40 and 60 daily attacks in February Read More
BreachForums Admin Arrested in New York
Conor Brian Fitzpatrick of Peekskill was apprehended last Wednesday following an FBI investigation Read More
CISA kicks off ransomware vulnerability pilot to help spot ransomware-exploitable flaws
Last week, the US Cybersecurity and Infrastructure Security Agency (CISA) announced the launch of the Ransomware Vulnerability Warning Pilot (RVWP)...