menuIcon
$ 87,873.4
BTC
$ 87,873.4
1.52 %
$ 2,066.41
ETH
$ 2,066.41
0.51 %
$ 0.7533
ADA
$ 0.7533
2.39 %
$ 632.02
BNB
$ 632.02
-1.73 %
$ 144.26
SOL
$ 144.26
3.22 %
Yash Chaudhary
Feb 8, 2022
by Yash Chaudhary

$4.4M Lost in Smart Contract Hack of Meter Passport Bridge

Meter Passport Smart Contract Hack KPGM
Due to a smart contract hack, the Meter Passport token bridge platform has lost $4.4 million, while Hundred Finance has lost $3.3 million due to under-collateralized loans. 

The Meter Passport (MTRG) from Meter.io is a token bridge that works with Ethereum and its sidechains. The Moonriver side of the bridge was targeted in this attack. 

Moonriver is a smart contract platform built on the Kusama network by Polkadot. Hundred Finance is a cryptocurrency loan platform that is built on Compound Finance technology. 

According to a Feb. 6 announcement from the Meter team, around $4.4 million in Binance Coin (BNB) and wETH were minted through a ‘wrong trust assumption’ in the code starting at 2 p.m. UTC on February 5. In this situation, an arbitrary amount of ETH was placed into Meter, and the hacker leveraged the vulnerability to mint tokens. 

The attack triggered a chain reaction throughout the Kusama-based Moonriver ecosystem. The attacker sold the BNB on SushiSwap, a popular decentralized exchange, after emptying Meter's BNB and wETH reserves. 

This resulted in a 77% drop in BNB prices on Moonriver at the moment. A handful of shrewd investors took advantage of the price drop by purchasing low-cost BNB. They utilized the tokens as collateral to get ETH, FRAX, and MIM loans via Hundred Finance. However, because of the BNB price disparity, their loans were worth more than the collateral they had given, resulting in a supply crisis.

Surprisingly, two of the loans were returned, leaving the Hundred protocol with a $3.3 million loss. The ETH loan was fully repaid. The Hundred team has sought to contact the persons involved to request that the BNB tokens that were used as collateral be returned to Meter. 

The Meter team has agreed to compensate its community and Hundred Finance for any losses caused as a result of the hack. On February 6, the team said that it has set aside $4.4 million in MTRG tokens to offset early losses.

Vfat, the pseudonymous founder of Hundred Finance, said in a statement to Rekt News on Feb. 6 that:

 “Meter have of course accepted responsibility for this hack and are intending to use their native token for reimbursement to the extent that they can, currently we are in the gathering addresses and amounts stage.”

PeckShield, a blockchain security business, estimates that the attacker took 1,391 ETH and 2.74 wBTC in total, which were then transmitted to Ethereum and passed through Tornado Cash, an ETH transaction privacy tool.

Follow us on: News
Smart Contract Hack Meter Passport Hundred Finance
$4.4M Lost in Smart Contract Hack of Meter Passport Bridge
Yash Chaudhary
Yash completed his graduation in b.tech (Computer Science ). Yash is passionate about applications of blockchain technology. Yash believes use of blockchain technology can transform our lives at a large scale. Yash daily reads articles, research reports and also documentation of different protocols. Yash listen to podcasts to know the view of industry experts.

Top Picks