Meta Pool Suffers $27M Exploit, But Early Detection Limits Attacker to Just $132K
A hacker exploited a vulnerability in Meta Pool’s smart contract to mint nearly $27 million worth of mpETH tokens—but ultimately made off with only about $132,000 in Ether due to limited liquidity and swift intervention by the protocol’s team.
In a blog post on Tuesday, Meta Pool explained that the attacker used a flaw in the “fast unstake” functionality to generate 9,705 mpETH tokens without providing the corresponding collateral.
Meta Pool Security Incident Report: mpETH Contract on Ethereum & Next Steps
We’ve published a full update on the recent incident involving the mpETH contract on Ethereum, including actions taken and what comes next.
Read more: https://t.co/qSSjfpqXAZ
— Meta Pool (@meta_pool) June 17, 2025
Typically, unstaking requires a delay before assets become transferable, but fast unstaking bypasses that wait under certain conditions.
The exploit hinged on a critical bug in the ERC4626 mint() function, which allowed unauthorised token creation.
Blockchain security firm PeckShield confirmed the flaw and noted that low liquidity in mpETH swap pools severely constrained the attacker’s ability to convert the minted tokens into significant gains—limiting the theft to just over 52.5 ETH.
Our analysis shows that the @meta_pool staking contract has a critical bug that allows for free mint of mpETH.
This specific tx freely mints 9700+ mpETH ($27m), but the low liquidity of mpETH limits the profit to ~10 ETH. https://t.co/5quBgM6JyP
— PeckShield Inc. (@peckshield) June 17, 2025
Meta Pool emphasized that its early detection systems identified the suspicious activity in time for the team to pause the affected smart contract, halting any further unauthorised actions.
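The kind of check that catches a mint without collateral can be shown with a simplified model. This is an added example, not Meta Pool's contract or monitoring code: the `Vault`, `MintRecord` and `monitor` names, the 1:1 bootstrap price and the sample records are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Vault:
    total_assets: int      # underlying held by the vault (smallest unit)
    total_supply: int      # shares outstanding
    paused: bool = False

    def preview_mint(self, shares: int) -> int:
        """Assets owed for `shares`; ERC-4626 rounds mint pricing up."""
        if self.total_supply == 0:
            return shares  # 1:1 bootstrap price, an assumption of this model
        return -(-shares * self.total_assets // self.total_supply)

@dataclass
class MintRecord:          # hypothetical: one mint joined with its asset inflow
    tx: str
    shares: int
    assets_in: int

def monitor(vault: Vault, records: list[MintRecord]):
    """Return (alerts, blocked): unbacked mints seen, and txs refused after the pause."""
    alerts, blocked = [], []
    for rec in records:
        if vault.paused:
            blocked.append(rec.tx)
            continue
        owed = vault.preview_mint(rec.shares)   # price before this mint
        # The mint is already on-chain when observed, so state moves either way.
        vault.total_assets += rec.assets_in
        vault.total_supply += rec.shares
        if rec.assets_in < owed:
            alerts.append((rec.tx, owed - rec.assets_in))
            vault.paused = True                 # stand-in for the pause call
    return alerts, blocked

# Constructed sample data, not taken from the incident's transactions.
SAMPLE = [
    MintRecord("tx-a", shares=100, assets_in=105),
    MintRecord("tx-b", shares=9705, assets_in=0),
    MintRecord("tx-c", shares=50, assets_in=53),
]

def run_sample():
    vault = Vault(total_assets=1050, total_supply=1000)
    alerts, blocked = monitor(vault, SAMPLE)
    return alerts, blocked, vault

if __name__ == "__main__":
    print(run_sample())
```

The monitor only observes the unbacked mint after it lands, so the supply is already inflated when the alert fires; the pause limits what follows rather than undoing the mint.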
Co-founder Claudio Cossio shared in an X (formerly known as Twitter) post that the exploit was rooted in an unintended minting mechanism linked to the fast unstake feature.
Update on ETH exploit on Meta Pool:
- All ETH staked on Meta Pool is SAFU.
- The amount that was taken by the attacker is approx $47,000 USD
- The exploit affected the fast unstake functionality, allowing the attacker to mint mpETH.
- The attacker minted around 10,600 mpETH.
-…
— Claudio Cossio (@ccossio) June 17, 2025
Vulnerability Exploited as Hacker Drains Crypto from Swap Pools
After minting the unauthorised mpETH tokens, the exploiter used them to drain approximately 52.5 ETH from various swap pools across the Ethereum mainnet and Optimism.
According to Meta Pool, one of the impacted Optimism pools had relatively low liquidity and trading volume, which helped limit the overall damage.
The Meta Pool team stated:
“It needs to be cleared that all the Ethereum staked is safe, delegated in the SSV Network operators which is validating blocks and accruing staking rewards on the Ethereum mainnet.”
The team has announced that a full post-mortem report and a recovery plan will be released within the next two days.
In the meantime, the compromised mpETH contract remains paused as the investigation unfolds.
Meta Pool has committed to reimbursing all affected users and ensuring that those impacted by the exploit are fully compensated.