Meta Pool attack steals 52.5 ETH due to bug in mpETH contract

19.06.2025 | Author: Newsman

The Meta Pool platform experienced a cyberattack on the mpETH smart contract, resulting in the unauthorized minting of 9,705 mpETH and the theft of approximately 52.5 ETH. The team promptly suspended the contract and began an investigation together with Blocksec specialists.

The incident was detected by the TenArmorAlert early warning system. The attackers used the mint() function of the ERC-4626 standard in the mpETH contract on Ethereum to artificially create tokens and exchange them for real ETH from liquidity pools. The main mpETH/wETH exchange pool contained 15 ETH, and another 37.5 ETH was held in a pool on Uniswap. All of the funds lost had been provided by the Meta Pool DAO itself.

The mpETH smart contract is currently paused, transfers are blocked, and the developers are working on a full recovery plan that is transparent to the community. Meanwhile, all 913 ETH originally staked on SSV Network remain securely locked, and no other staking products (on Aurora, NEAR, Solana, etc.) have been compromised.

Meta Pool is a decentralized platform for liquid staking of assets, including ETH, NEAR, SOL, and others. It issues tokens such as stNEAR and mpETH that can be used in DeFi. The mpETH contract was launched on Ethereum and allowed users to exchange ETH for liquid staking tokens. The attack is reminiscent of previous incidents in the DeFi sector, where contracts were compromised because carelessly implemented token features allowed over-issuance without adequate collateral. Meta Pool has dealt with technical challenges before, but this attack is the most high-profile to date.

Meta Pool responded quickly, freezing the contract before the losses spread, and confirmed that all affected users will be fully compensated. The team is working on its analysis and on publishing a full vulnerability report. This incident highlights the importance of ongoing auditing of DeFi contracts, as well as the need for backup plans for DAOs that handle user liquidity. The transparency with which the team is working to resolve the issue can help maintain trust in the project, but it requires consistent action and constant communication.
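The over-issuance without adequate collateral described above breaks a simple accounting invariant that a monitoring job can check on every mint. The following is an added example, not Meta Pool's code and not a reconstruction of the actual bug (the article does not give its details): it replays constructed vault transactions and flags any mint whose received assets fall short of what ERC-4626's previewMint rounding requires. All names, balances and transaction labels are assumptions made for illustration.

```python
from dataclasses import dataclass

WEI = 10**18  # 18-decimal fixed-point unit used by ETH and most vault shares


@dataclass(frozen=True)
class VaultTx:
    tx: str               # constructed label, not a real transaction hash
    shares_minted: int    # increase in the vault's totalSupply
    assets_received: int  # underlying tokens that actually reached the vault


def required_assets(shares: int, total_assets: int, total_supply: int) -> int:
    """Assets owed for `shares`, rounded up in the vault's favour (previewMint)."""
    if total_supply == 0:
        return shares  # assumption: 1:1 rate while the vault is empty
    return -(-shares * total_assets // total_supply)  # ceiling division


def find_unbacked_mints(txs, total_assets: int, total_supply: int):
    """Replay txs in order; return (tx, shortfall) for every under-collateralised mint."""
    alerts = []
    for t in txs:
        owed = required_assets(t.shares_minted, total_assets, total_supply)
        if t.assets_received < owed:
            alerts.append((t.tx, owed - t.assets_received))
        # Track state as the chain would, so later checks use the diluted rate.
        total_assets += t.assets_received
        total_supply += t.shares_minted
    return alerts


# Constructed sample: vault starts with 1000 assets backing 800 shares (rate 1.25).
SAMPLE_TXS = [
    VaultTx("tx-A", shares_minted=8 * WEI, assets_received=10 * WEI),   # fully paid
    VaultTx("tx-B", shares_minted=100 * WEI, assets_received=0),        # nothing paid
    VaultTx("tx-C", shares_minted=4 * WEI, assets_received=5 * WEI),    # paid at old rate
]

if __name__ == "__main__":
    for tx, shortfall in find_unbacked_mints(SAMPLE_TXS, 1000 * WEI, 800 * WEI):
        print(f"ALERT {tx}: shares minted with a shortfall of {shortfall / WEI} assets")
```

In production the two deltas would come from the vault's Deposit events and balance changes per transaction, and an alert would trigger the kind of pause the team applied here.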
