On June 17, 2025, Meta Pool, the liquid staking platform for Ethereum Network, suffered from its misuse The result was a subtraction of approximately 52.5 ether (ETH). Liquidity exchange pool (approximately $132,000).
Metapool development team detects attacks by security researchers and content; He presented a vulnerability in the token MPETH contractis used to promote liquid staking at Ethereum. At this point, the MPETH contract “has been implemented with necessary investigations and mitigation measures,” but it emphasized that the MPETH contract will be suspended. This means that forwarding is disabled.
The exploit contained an illegal creation of 9,705 tokens MPETH.
According to a company’s preliminary report, the attack took place through functions mint (Printed) ERC-4626 standard, a protocol that defines how intelligent contracts manage deposited assets, as in the case of liquid staking.
This mechanism enables the user Deposit ether into the contract and receive the token They represent participation that can be negotiated or used in other distributed financial applications (DEFIs) without the need to withdraw the original funds.
For meta pools, the Mint() function must be protected from unauthorized access. Manipulated to generate MPETH without depositing the corresponding ether.
Working with BlockSec security company, Metapool team has been achieved Attacks are included He then ensured that the staking of funds delegated to the operators of the SSV network network remained intact. These operators are responsible for verifying blocks in the Ethereum main network and generate staking rewards that benefit users of the platform.
Additionally, the company noted that “all users affected by this exploit will be fully compensated and will be refunded for assets lost in this case.”
Ultimately, Metapool has pledged to publish the full report (After death) In the next 48 hours, we will detail the causes of the exploit and measures to prevent future incidents.
