Hackers Attack Meter Blockchain Infrastructure, Stealing $4.4 Million in Cryptocurrency

Unknown hackers have attacked Meter, a company specializing in blockchain infrastructure, and stole cryptocurrency worth $4.4 million.

Meter manages infrastructure that enables the scaling of smart contracts and facilitates movement across heterogeneous blockchain networks.

According to cybersecurity experts from PeckShield, the hackers managed to steal 1,391 ETH (about $4.28 million) and 2.74 BTC (approximately $117,000) during the breach. The Meter Passport crypto wallet features automatic “wrapping” and “unwrapping” of so-called “gas tokens” like ETH and BNB. However, the contract does not block direct interaction between wrapped ERC20 tokens and the native gas token, nor does it ensure proper transfer and verification of the correct number of wrapped ETH (WETH) sent from a user’s address.

Meter immediately halted all intermediary transactions and discovered that the issue was related to the process of “automatically wrapping native tokens such as BNB and ETH, which had been extended by the Meter team.” The extended code contained an “incorrect trust assumption,” which allowed hackers to forge BNB and ETH transfers by calling the base ERC20 deposit function.

Company representatives are cooperating with law enforcement agencies as part of the ongoing investigation. Meter has also found digital traces of the hackers and has called on the perpetrators to return the stolen funds.