The Meter Passport token bridge platform has incurred $4.4 million in losses due to a smart contract hack which also caused Hundred Finance to lose $3.3 million through under-collateralized loans.
Meter.io’s Meter Passport (MTRG) is a token bridge that is compatible with Ethereum and its sidechains. This attack affected the Moonriver side of the bridge.
Moonriver is a smart contract platform based on Polkadot’s Kusama network. Hundred Finance is a crypto lending platform based on the code for Compound Finance.
Starting at 2pm UTC on Feb. 5 and over the course of several transactions, about $4.4 million in Binance Coin (BNB) and wETH were minted through a “wrong trust assumption” in the code, according to a Feb. 6 statement from the Meter team. In this case, an arbitrary amount of ETH was deposited to Meter which the hacker used to mint tokens using the vulnerability.
1. Around 6am Pacific time we identified someone was able to leverage a vulnerability of the bridge to mint a large amount of BNB and WETH tokens and depleted the bridge reserve for BNB on WETH.
The attack caused a cascade effect across the Kusama-based Moonriver ecosystem. After draining Meter of its BNB and wETH reserves, the attacker sold the BNB on SushiSwap, a popular decentralized exchange. This led to a 77% crash in the price of BNB on Moonriver at the time.
A number of opportunists then took advantage of the price dip by buying cheap BNB. They used the tokens as collateral on Hundred Finance in order to take out FRAX and MIM stablecoin loans. Due to the discrepancy in BNB price, however, their loans were worth more than the collateral they had provided, causing a supply crisis.
2/4. Accounts were able to purchase BNB.bsc at a reduced price and use these
Read more on cointelegraph.com