• 16 October, 2024

Maestro Trading Bot Loses 280 ETH in Security Breach, Vulnerability Patched


On October 24, a security breach in Maestro, a prominent cryptocurrency trading bot, led to the loss of an estimated 280 ETH, valued at around $500,000. The attacker exploited a vulnerability in a recently deployed router contract that was designed to facilitate the trading of various memecoins. The project announced the exploit in a post on X.

The attacker transferred tokens to their own wallet, specifically tokens whose holders had previously approved the compromised contract to spend them. The attacker then converted the tokens into ETH and used the Railgun mixer to conceal their activities.

The Maestro team acted swiftly to mitigate the damage. They “revoked all the router’s functionalities,” ensuring that trading could be safely resumed. Affected users were promised full refunds, while those unaffected were assured that their tokens remained secure.

The project estimated that approximately 280 ETH will be needed for the refunds. It also clarified that the exploit was limited to the router and did not impact user wallets.

The compromised Router 2 contract functioned much like an ERC-1967 proxy: it delegated its operations to another address, which was responsible for the logic related to swaps and incentivizing block builders. The vulnerability lay in an exposed function on the router that, when called, deferred to its designated implementation. This loophole enabled the attacker to use the ‘transferFrom’ method against token holders who had approved the router, accumulate their tokens, and eventually convert them into ETH.
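Because only tokens already approved to the router were exposed, the first defensive step is to find allowances that are still open. The following is an added example, not code from Maestro or from the original article: it replays ERC-20 Approval logs and lists the allowances a given spender still holds. It assumes logs shaped like `eth_getLogs` results with `blockNumber` and `logIndex` already converted to integers; every address is a constructed placeholder.

```python
# Added example: list ERC-20 allowances still granted to a router contract.
# topic0 of Approval(address,address,uint256), the standard ERC-20 event
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
UNLIMITED = 2**256 - 1

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def outstanding_allowances(logs, spender):
    """Map (token, owner) -> last non-zero amount approved to `spender`."""
    spender = spender.lower()
    latest = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        # ERC-721 Approval has the same topic0 but four topics; skip it.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        if topic_to_address(topics[2]) != spender:
            continue
        key = (log["address"].lower(), topic_to_address(topics[1]))
        latest[key] = int(log["data"], 16)  # a later approval overwrites an earlier one
    return {k: v for k, v in latest.items() if v > 0}

# --- Constructed sample data: placeholder addresses, not real contracts ---
ROUTER = "0x" + "aa" * 20
OTHER = "0x" + "bb" * 20
TOKEN = "0x" + "11" * 20
OWNER_A = "0x" + "a1" * 20
OWNER_B = "0x" + "b2" * 20

def _log(block, index, owner, spender, value, extra_topics=()):
    pad = lambda a: "0x" + "00" * 12 + a[2:]
    return {"address": TOKEN, "blockNumber": block, "logIndex": index,
            "topics": [APPROVAL_TOPIC, pad(owner), pad(spender), *extra_topics],
            "data": hex(value)}

SAMPLE_LOGS = [
    _log(105, 1, OWNER_B, ROUTER, 0),          # B revokes later
    _log(100, 0, OWNER_A, ROUTER, UNLIMITED),  # A: unlimited approval, never revoked
    _log(101, 2, OWNER_B, ROUTER, 500),
    _log(106, 0, OWNER_A, OTHER, 1000),        # different spender, ignored
    _log(107, 0, OWNER_A, ROUTER, 0, ("0x" + "00" * 31 + "07",)),  # NFT-style, ignored
]

if __name__ == "__main__":
    for (token, owner), value in outstanding_allowances(SAMPLE_LOGS, ROUTER).items():
        amount = "UNLIMITED" if value == UNLIMITED else value
        print(f"revoke: owner={owner} token={token} allowance={amount}")
```

Approval logs record the last amount set, not what has since been spent, so treat the result as an upper bound and confirm each entry against the token's `allowance(owner, spender)` before revoking.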

After identifying the exploit, Maestro updated their router to a “safe, exploit-free implementation,” according to the team. Although trading has resumed, tokens associated with liquidity pools on platforms like SushiSwap, ShibaSwap, and PancakeSwap’s Ethereum deployment are still temporarily unavailable.

The Maestro incident is not an isolated event in the cryptocurrency landscape. Just last month, HTX Global, another significant player in the digital currency arena, also fell victim to a cyber-attack. The breach, which took place on September 24, 2023, led to a loss of 5,000 ETH, equivalent to about $8 million.
