QUADRIGA INITIATIVE
CRYPTO WATCHDOG & FRAUD RECOVERY PLATFORM
A COMMUNITY-BASED, NOT-FOR-PROFIT
$142 000 USD
JUNE 2025
GLOBAL
META POOL
DESCRIPTION OF EVENTS
Meta Pool is a multi-chain liquid staking platform offering users the ability to earn rewards by staking digital assets across several blockchains, including Ethereum, Solana, NEAR, ICP, Aurora, and QGOV. By staking, users receive Liquid Staking Tokens (LSTs) that represent their original assets plus rewards, which can be utilized throughout the DeFi ecosystem. With over $114 million in Total Value Locked and more than $15 million in rewards distributed to 18,650 stakers, Meta Pool provides a secure and decentralized pathway to financial freedom.
The platform emphasizes governance through its mpDAO token, empowering the community to participate in key decision-making processes and shape the future of the protocol. Meta Pool positions itself not just as an infrastructure provider, but as a bridge-builder between traditional finance, fintech, and blockchain, with a strong focus on emerging markets and community-driven growth. Security is a top priority, with multiple audits conducted by reputable firms like Halborn, BlockSec, and Nethermind across various chains and smart contracts.
Meta Pool’s ecosystem is supported by trusted custodial and DeFi partners such as Fireblocks, Qredo, Finoa, Rhea.Finance, PiperX, and VEAX Finance. These partnerships enhance its capabilities in asset security, lending, and decentralized trading. The platform maintains transparency through accessible documentation, regular security audits, and a commitment to user-first values. With robust infrastructure and a growing network, Meta Pool continues to push for decentralized, secure, and inclusive financial systems.
The attack "resulted in the unauthorized minting of tokens via the mint() function". PeckShield reported that "the @meta_pool staking contract has a critical bug that allows for free mint of mpETH".
The Meta Pool exploit on June 17, 2025, stemmed from a critical vulnerability in the mint() function of its Ethereum-based mpETH contract. The attacker exploited flaws in Meta Pool’s implementation of the ERC-4626 tokenized vault standard, which governs how deposits and mints should be handled. Two transactions were involved: the first, front-run by a white-hat wallet named "Yoink," attempted to mitigate the damage; the second was the actual attack, where the exploiter successfully minted 9,702 mpETH tokens—worth approximately $27 million—without depositing any ETH.
The core technical flaw was a failure to properly override and secure the mint() function. Meta Pool's contract lacked access control, allowing anyone to call mint() without restriction. Additionally, critical input validation was missing in both the mint and internal _deposit functions, enabling token minting with no ETH transferred. This violated the basic principle of liquid staking, where minted tokens should be backed by deposited assets. The smart contract effectively let users create value from nothing, leaving the system vulnerable to abuse.
Despite the massive on-chain minting, the exploiter could only convert a small portion into real value due to low liquidity and DAO fund structures that limited outflows. Only 52.5 ETH—roughly $130,000—was ultimately withdrawn. While the financial loss was minimal, the incident serves as a crucial reminder that merely adopting token standards like ERC-4626 is not enough; developers must thoroughly understand, validate, and secure every inherited function. QuillAudits’ automated tool, QuillShield, had flagged the issue earlier, emphasizing the need for proactive security testing and code reviews.
Losses were reported by SlowMist as $25k.
While the attacker was able to mint $27m worth of the mpETH token, there was heavily limited liquidity, which allowed for only $25k of redemptions.
There is a report of an additional $117k which was taken by a liquidity provider name yoink.
The team promptly paused the contract to prevent further damage and is now investigating the incident, assessing its impact on DEXs and the OP bridge. It was reported that the contract was immediately paused by the founding team "[t]hanks to early detection".
It appears that the protocol was relaunched and a buyback was initiated to recover the token value.
A significant portion of the lost funds were recovered from a MEV bot who front-ran the attack.
Reportedly, funds taken by the yoink MEV were returned to the protocol.
The remaining losses to the protocol were minimal. It's unclear if there is any further investigation to trace down the funds.
Meta Pool suffered an exploit due to a critical vulnerability in its Ethereum-based mpETH contract, where a failure to properly secure and validate the mint() function—part of the ERC-4626 standard—allowed an attacker to mint $27 million worth of tokens without depositing any ETH. Despite the large on-chain mint, only around $25,000 was redeemed due to limited liquidity, and an additional $117,000 was briefly taken by a MEV bot named “Yoink,” which later returned the funds. Thanks to early detection, the team immediately paused the contract, launched a recovery and buyback effort, and ultimately contained the losses with minimal impact to the protocol.
Meta Pool exploited - Web3IsGoingGreat (Jul 22)
Meta Pool, a Liquid Staking Protocol, Suffers $27M Exploit - CoinDesk (Jul 22)
PeckShield - "Our analysis shows that the @meta_pool staking contract has a critical bug that allows for free mint of mpETH. This specific tx freely mints 9700+ mpETH ($27m), but the low-liquidity of mpETH limits the profit to ~10 ETH." - Twitter/X (Jul 22)
PeckShield - "Hi @meta_pool you may want to take a look" - Twitter/X (Jul 22)
Attack Transaction - Etherscan (Jul 22)
Meta Pool - "We would like to inform you that earlier today an attack was detected on the mpETH contract on Ethereum, which resulted in the unauthorized minting of tokens via the mint() function. We are reviewing the impact on the different DEXs and the OP bridge. Thanks to early detection, the contract was immediately paused by the founding team, preventing further damage." - Twitter/X (Jul 22)
Meta Pool - "Thank you for sharing. We are currently working to resolve it" - Twitter/X (Jul 22)
@ccossio Twitter (Jul 22)
@meta_pool Twitter (Jul 22)
@meta_pool Twitter (Jul 22)
@meta_pool Twitter (Jul 22)
@meta_pool Twitter (Jul 22)
@meta_pool Twitter (Jul 22)
@ccossio Twitter (Jul 22)
Meta Pool - "From Exploit to Recovery: How 45 ETH Were Saved Thanks to Ethical Hackers. We are pleased to report that the entire amount recovered by MEV Frontrunner @yoink6980 — approximately $117,000 USD — was promptly returned to Meta Pool." - Twitter/X (Jul 22)
Pisces Cris - "It hasn’t been an easy week for the @meta_pool team, but as a community member, I’ve been closely watching how they would respond ...and let me tell you, they did not disappoint." - Twitter/X (Jul 22)
AVBNear - "The @meta_pool DAO has now stopped buybacks as target price reached. Last purchase was ~48 hours." - Twitter/X (Jul 22)
DIA Community Hub - "Meta Pool Recovers Funds After mpETH Incident" - Twitter/X (Jul 22)
Meta Pool - "Our liquid staking token is back on Ethereum. Following the recent security incident, Meta Pool has fully restored functionality and launched a new liquid staking token: $spETH." - Twitter/X (Jul 22)
@mdew_eth Twitter (Jul 22)
Potential Profitless Early Attack Transaction - Etherscan (Jul 22)
How $27M in Stolen Tokens Led to Just $130K in Losses [The Meta Pool Hack] - QuillAudits (Jul 22)
Meta Pool LinkTree (Jul 22)
Meta Pool Twitter/X (Jul 22)
coindesk.com/business/2025/06/17/liquid-staking-protocol-meta-pool-suffers-usd27m-exploit (Jul 22)
