San Francisco: US-based Blockchain infrastructure company Meter has said $4.4 million was stolen during a cyberattack on the platform that started Saturday morning.
The company said it manages an infrastructure that allows smart contracts to scale and travel through heterogeneous blockchain networks. The Meter network, as well as the Moonriver network, were affected by the hack, reports ZDNet.
Blockchain research company PeckShield confirmed that 1391 ETH and 2.74 BTC were stolen during the incident, the report said.
Around 2 pm ET on Saturday, the company said it was hacked and urged users not to trade unbacked meterBNB circulating on Moonriver.
“We have identified the issue: Passport has a feature to automatically wrap and unwrap gas tokens like ETH and BNB for user convenience,” the company explained.
“However the contract did not block direct interaction of the wrapped ERC20 tokens for the native gas token and did not properly transfer and verify the correct number of WETH transferred from the callers’ address. We are working on compensating funds to all affected users,” it added.
By 6 pm ET, Meter wrote that it stopped all bridge transactions and discovered that the issue related to a bug “introduced in the automatic wrap and wrap of native tokens like BNB and ETH extended by the Meter team”.
According to Meter, its extended code “had a wrong trust assumption” that let the hacker fake BNB and ETH transfers by “calling the underlying ERC20 deposit function”.
They are working with authorities and said they found “some early traces of the hacker,” urging the culprit to return the stolen money.
On Wednesday, $324 million was stolen through the popular decentralized cross-chain message-passing protocol Wormhole.