Decentralized liquid staking platform Meta Pool has suffered a $27 million exploit due to a critical smart contract vulnerability, allowing an attacker to mint unlimited mpETH tokens, according to blockchain security firm PeckShield.
Exploit Details: $27M Minted, Only $25K Swapped
On Tuesday, a bug in Meta Pool’s staking contract was exploited to mint $27 million worth of mpETH, the protocol’s liquid staking token. However, due to low liquidity on Uniswap, the attacker was only able to convert 10 ETH (roughly $25,000) into usable funds.
Prior to the exploit, an Etherscan-flagged account labeled “MEV Frontrunner Yoink” removed 90 ETH in liquidity from the affected pool—an action that may have contributed to limiting the attacker’s payout.
No Public Response Yet From Meta Pool
As of now, Meta Pool has not issued any official statement on the exploit via its social media channels. Despite the incident, its total value locked (TVL) remains at $75 million, according to DeFiLlama. Meanwhile, the protocol’s governance token MPDAO trades at just $0.02 with very low volume.
Part of a Growing DeFi Exploit Trend
This latest exploit comes amid a troubling trend for the decentralized finance (DeFi) sector. In May alone, over $302 million was lost to hacks, scams, and exploits, as reported by CertiK.
The Meta Pool breach adds to growing concerns about smart contract vulnerabilities in multi-chain DeFi platforms—particularly those managing large amounts of staked assets without sufficient liquidity or rigorous code audits.
Disclaimer
This content is for informational purposes only and does not constitute financial, investment, or legal advice. Cryptocurrency trading involves risk and may result in financial loss.