Another cryptocurrency firm has fallen victim to a major hack, losing millions of dollars in the process. Meter, a provider of decentralized finance (DeFi) infrastructure services, disclosed over the weekend that an unauthorized intruder exploited a vulnerability in its cross-chain bridges to mint a significant amount of Binance Coins (BNB) and wrapped Ethereum (WETH), depleting its reserves.
Upon discovering the breach, Meter immediately halted bridge transactions and launched an investigation to identify the source of the bug. According to a statement on Twitter, the hacker was able to manipulate the code by making a wrong trust assumption, allowing them to fake transfers of BNB and ETH. The incident only affected native gas tokens (WETH and BNB) on the Meter and Moonriver networks.
The hack resulted in a loss of $4.4 million for Meter, but the company has pledged to compensate those impacted by the breach. Additionally, Meter is collaborating with authorities to track down the attacker responsible for the theft. The firm advised liquidity providers involved in WETH and BNB pools to withdraw their funds and refrain from trading in those pairs until further notice.
Despite the significant financial loss, Meter has not publicly offered a bug bounty reward to the hacker for the safe return of the stolen funds. This approach differs from recent incidents involving other crypto firms that were also compromised. For instance, Quibit Finance offered a $2 million reward to its attackers after losing $80 million, while Wormhole, another cross-chain bridge provider, lost an estimated $322 million and offered a $10 million reward to the hacker.
In a show of support for Wormhole, proprietary trading firm Jump Trading replenished the stolen funds to assist in making the affected community members whole and to support Wormhole’s ongoing development efforts. These hacks serve as a stark reminder of the inherent risks associated with the cryptocurrency industry and highlight the importance of robust security measures to protect digital assets from malicious actors.