Meta Pool, a Liquid Staking Protocol, Suffers $27M Exploit

Multi-chain liquid staking protocol Meta Pool suffered a smart contract exploit on Tuesday, resulting in the loss of $27 million.

Blockchain security firm PeckShield reported that a bug in the protocol’s staking contract allowed users to freely mint mpETH, the protocol’s liquid staking token (LST).

While an attacker managed to mint $27 million worth of the tokens, a lack of liquidity on Uniswap meant that they could only swap 10 ETH worth ($25,000).

An Etherscan transaction before the exploit took place showed that an account labeled as “MEV Frontrunner Yoink” removed 90 ETH worth of liquidity from the pool.

Meta Pool is yet to post any updates about the exploit on social media. Total value locked (TVL) for the project still stands at $75 million, according to DefiLlama, while the protocol’s MPDAO governance token trades at $0.02 on minimal volume.

The exploit continues a trend from May that saw investors lose $302 million to hacks, scams and exploits, according to CertiK.