MetaSwap Hacking Incident: Loss of 38M USD for Incomplete Technology

    Published on:

    MetaSwap, a revolutionary project that unites the Metaverse and DeFi, was caught completely off guard by today’s hacking incident. As a result, funds worth US$38 million were lost.

    This hack is the result of MetaSwap’s technical imperfections and inexperience, and users feel very strongly betrayed.

    MetaSwap was an ambitious project that combined the Metaverse and DeFi to deliver value in a completely new way. However, this hacking incident occurred because a vulnerability was discovered in the smart contract that is the technical basis of MetaSwap.

    Users who had high hopes for the innovation and convenience this project would offer must have been disappointed in ways they could not have imagined.

    Specifically, it’s hard to believe that MetaSwap, which was developed in open source with lots of expert reviews, was hacked on such a large scale.

    Questions have arisen about how much effort has been put into ensuring the security of the project, and how this issue will be handled going forward is extremely important to regaining user trust.

    Below are the answers provided by the MetaSwap team to interview questions.

    “First and foremost, we would like to sincerely apologize to all users affected by the hacking incident related to MetaSwap. The uniqueness of this project to provide an innovative solution could lead to unforeseen vulnerabilities.”

    This hacking incident occurred as a result of exploiting such a vulnerability.

    To be more specific about the vulnerability, there was an issue with smart contracts handling multiple simultaneous transactions.

    Normally, these transactions would have been processed in order, but hackers exploited this vulnerability by performing too many transactions in a short period of time while the system was in chaos, fraudulently stealing $38 million. I sent money.

    The attackers then used the hacked private key to forge fake payments and drain funds from the MASP bridge in just two transactions. More importantly, the hacking incident occurred on March 17th, but was discovered until Tuesday when a user noticed the problem because he was unable to withdraw 10,000 in his BNB from his MASP pool. It was not. MetaSwap currently consists of his 9 unique validator nodes separate from his BNB chain that issues tokens, and he requires signatures from at least 5 nodes to recognize deposits and withdrawals. .

    The attackers were able to gain control of the private keys of four of MetaSwap’s four MASP validators and five private keys of third-party validators operated by the MetaSwap Distributed Autonomous Organization (DAO).

    It took a particularly long time to gain unauthorized access to the latter.

    Once the attackers gained access to the MetaSwap system, they obtained the final signature from the MetaSwap DAO validator and met the node threshold required to fraudulently exfiltrate funds from MASP. At the time of this interview, most of these hacked funds are exposed on the dark web.

    A MetaSwap spokesperson said, “This is an unexpected vulnerability and we reiterate that we are carefully considering the reliability and security of the services we offer.

    Also, the project has been open sourced with lots of expert reviews. However, this incident occurred because perfect technology does not exist.

    “After becoming aware of this hacking incident, we immediately began investigating this issue and implemented measures to resolve this vulnerability. , we will work to improve the safety of the project,” added a platform spokesperson.

    “Finally, regarding compensation for affected users, we will establish an insurance fund and aim to compensate users with future business revenue.”

    The technical problems facing MetaSwap cannot be solved by just fixing vulnerabilities.

    As this incident revealed, the technical foundation of the product itself is unstable, and it is necessary to earnestly work to restore trust by implementing sufficiently reliable measures and updates in the future.

    Disclaimer: The information contained in this press release or sponsored post does not constitute investment advice. does not endorse any company or individual information on this page. Readers are encouraged to conduct their own research and act on their own findings and not from anything written in this press release or sponsored post. shall not be liable for any damage or loss caused directly or indirectly by the use of any content, products or services mentioned in this press release or sponsored post.

    Latest Posts by Guest Authors (see all)


    Leave a Reply

    Please enter your comment!
    Please enter your name here