$ETH 🔶Hackers breach an Ethereum staking pool

An attacker managed to extract 52.5 ETH from a liquid staking pool in the Ethereum ecosystem. The Meta Pool platform suffered an exploit in the contract of its mpETH token.

The company claims to have contained the attack and will reimburse affected users.

On June 17, 2025, Meta Pool, a liquid staking platform on the Ethereum network, suffered an exploit that resulted in the theft of approximately 52.5 ether (ETH) from its liquidity exchange pools (about 132 thousand dollars).

The attack, detected by security researchers and contained by the Meta Pool development team, exposed vulnerabilities in the contract of its mpETH token, used to facilitate liquid staking on Ethereum. For now, the mpETH contract will remain suspended "while the necessary investigation and mitigation measures are carried out." This means that transfers are disabled. The exploit involved the unauthorized creation of 9,705 mpETH tokens, an asset that represents ether staked on the Meta Pool platform.

According to the company's preliminary report, the attack was carried out through the mint function of the ERC-4626 standard, a protocol that defines how smart contracts manage deposited assets, as is the case with liquid staking.

This mechanism allows users to deposit ether into a contract and receive tokens in return that represent their stake, which can be traded or used in other decentralized finance (DeFi) applications without the need to withdraw the original funds.