QUADRIGA INITIATIVE
CRYPTO WATCHDOG & FRAUD RECOVERY PLATFORM
A COMMUNITY-BASED, NOT-FOR-PROFIT
$26 000 USD
MAY 2025
GLOBAL
MONE META PRO APP
DESCRIPTION OF EVENTS
mOne is an all-in-one superapp designed to seamlessly integrate payment, entertainment, and identity management into a single platform. The app serves as a digital wallet, supporting token portfolios, NFTs, and multi-chain capabilities, making it ideal for managing crypto assets. Users can access a comprehensive Games & Apps library, allowing them to play, transact, and engage in Web3-powered in-game actions, all from within a fullscreen, horizontal-mode interface.
From morning to night, mOne transforms daily routines with a full spectrum of features tailored for modern digital lifestyles. Its “Explorer” mode lets users browse collections, games, and applications, while identity is streamlined through the secure mOne ID. This centralized ID system offers users easy access, enhanced profile controls, and strong security features, creating a personalized and protected environment for more than 15,000 users.
Beyond utility, mOne encourages community interaction and rewards participation with card and cashback features. It supports both users and creators with dedicated portals and documentation, helping foster a vibrant ecosystem. Whether buying, selling, collecting, or playing, mOne offers a unified digital space available on iOS and Android—making it a central hub for all aspects of your online life.
Unfortunately, it appears that the part of the app which was on the base blockchain was exploitable, due to a lack of access control on the unwrapETH function.
TenArmor reports that the unwrapWETH() function in the MPRODoubleRewardAutoStake contract lacks proper access control, allowing anyone to withdraw the ETH from the staking contract.
Transaction 1: 0xac6f716c57bbb1a4c1e92f0a9531019ea2ecfcaea67794bbd27115d400ae9b41
Transaction 2: 0x5aba4f3ffc80829b565ac71b0d47a92138db164d571c5c0c604382c3677a0191
TenArmor reports the total amount of losses at $26.2k USD.
It appears that the MetaProApp Twitter/X account has stopped posting publicly following the incident.
It is unclear what the end result will be. There have been no public announcements made.
There is no evidence that any funds have been recovered.
It is unclear if any investigation is ongoing, who is affected by the loss, and who is responsible for the loss.
mOne, a superapp combining payments, entertainment, and identity management, suffered a security breach due to a vulnerability in its base blockchain infrastructure. Specifically, the `unwrapWETH()` function in the `MPRODoubleRewardAutoStake` contract lacked proper access controls, allowing unauthorized withdrawals. As reported by TenArmor, this flaw was exploited in two transactions, leading to a loss of approximately $26.2k USD. Following the incident, the MetaProApp Twitter/X account went silent, and there have been no official statements, recovery efforts, or clarity on the parties affected or responsible.
TenArmor - "Our system has detected multiple suspicious attacks involving #MPRO Lab @metaproapp on #BASE, resulting in an approximately loss of $26.2K. The unwrapWETH() function in the MPRODoubleRewardAutoStake contract lacks proper access control, allowing anyone to withdraw the ETH from the staking contract." - Twitter/X (Aug 1)
First Attack Transaction - Basescan (Aug 1)
Second Attack Transaction - Basescan (Aug 1)
MetaProApp Twitter/X Profile (Aug 1)
mOne - My One Superapp - Apple App Store (Aug 1)
MetaProApp - "Some call it a site. We call it the front door to something much bigger. Go ahead. Knock." - Twitter/X (Aug 1)
MetaProApp - "http://mone.my is now live — a fresh window into the mOne ecosystem. (Aug 1)
Minimal, bold, and built to grow." - Twitter/X (Aug 1)
