Meta Pool was hacked for 27 million USD but the hacker only managed to take... 25,000 USD
The multi-chain liquid staking protocol Meta Pool has recently become the latest victim of a smart contract attack, as the hacker illegally minted 27 million USD #mpETH – tokens representing staked ETH. However, due to low liquidity on Uniswap, the attacker could only withdraw about 25,000 USD.
According to PeckShield, the cause was a flaw in Meta Pool's staking contract, allowing the hacker to create 9,700 mpETH without needing to stake $ETH real ETH. Before the incident occurred, a wallet labeled “MEV Frontrunner Yoink” had withdrawn 90 ETH from the pool, significantly reducing the liquidity of mpETH, leading public opinion to suspect that this could be a deliberate frontrun action.
Despite the actual damage being low, Meta Pool still considers this a serious incident. The project has temporarily suspended the mpETH contract, reassured the community, and committed to refunding all affected assets.
Currently, the total value locked (TVL) on Meta Pool remains at 72.8 million USD, with no significant asset withdrawal waves recorded. However, the governance token MPDAO has dropped to 0.024 USD with liquidity nearly depleted.
This incident continues to highlight the vulnerability of DeFi protocols, as in May 2025 alone, the market suffered over 302 million USD in losses due to cyber attacks. Users need to be extremely cautious when participating in projects that have not been thoroughly audited.