MetaSwap, the innovative project that brings together the metaverse and DeFi, was caught completely off guard by a hacking incident today. The outcome was a tremendous loss of 38M USD worth of funds.
This hacking came as a result of the technical incompleteness and lack of experience of MetaSwap, and users feel very strongly that they were betrayed.
MetaSwap was an ambitious project to provide value in a completely new way by combining the metaverse and DeFi. However, this hacking incident occurred because vulnerabilities were found in the smart contracts that serve as the technical foundation for MetaSwap.
Users who had high hopes for the innovation and convenience that this project would provide must feel betrayed to an extent that they never could have imagined.
More specifically, the fact that MetaSwap, which underwent open-source development while being reviewed by numerous specialists, was subject to such large-scale hacking is difficult to believe.
Doubts will be raised about how much effort was put into ensuring the security of the project, and how this issue is handled moving forward will be extremely important in the ability to regain the users’ trust.
The following is the reply that the MetaSwap team provided in response to the interview questions.
“Before anything else, we would like to offer our sincerest apologies to all users who were affected by the hacking incident involving MetaSwap. We would like to provide an honest explanation of the hacking incident. With regard to the cause of this incident, there was a chance that the uniqueness of this project, which involves providing innovative solutions by combining the metaverse and DeFi, would result in unexpected vulnerabilities.”
This hacking incident occurred as a result of the exploitation of such a vulnerability.
To explain the vulnerability more specifically, the smart contracts did not process transactions correctly when multiple transactions were executed simultaneously.
Although these transactions should normally be processed in order, hackers used this vulnerability to execute a very large number of transactions in a short amount of time and illegally shifted 38M USD while the system was in a state of disorder.
Next, the attackers used the secret keys that they had stolen to forge false payments, draining funds from the MASP bridge in only two transactions. More importantly, although the hacking incident occurred on March 17th, it was not discovered until Tuesday, when a user noticed the issue because they were unable to withdraw 10,000 in BNB from the MASP pool. MetaSwap currently comprises nine proprietary validator nodes that are separate from the BNB chain that issues tokens, and signatures from at least five of them are required to recognize a deposit or withdrawal.
The attackers successfully gained control over five secret keys: the keys for MetaSwap’s four MASP validators and the key for the third-party validator operated by the MetaSwap Decentralized Autonomous Organization (DAO).
It took an especially long time to obtain illicit access to the latter.
Once the attackers obtained access to the MetaSwap system, they obtained the final signature from the MetaSwap DAO validator and met the signature threshold needed to illegally drain funds from MASP. At the time of this interview, most of the stolen funds have been released to the dark web.
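The 5-of-9 rule described above counts keys, not the parties who hold them. The following sketch is an added illustration, not MetaSwap's code: it measures how many distinct operators must be compromised to reach quorum and compares the key-count rule with an operator-diversity rule. The validator IDs, the "independent-N" operators and the `min_operators` policy value are constructed assumptions.

```python
from collections import Counter

# From the article: nine validators, five signatures required, four keys held
# by MetaSwap and one by the MetaSwap DAO. The operators of the remaining four
# validators are not named on the page; "independent-N" is a constructed label.
THRESHOLD = 5
VALIDATOR_OPERATORS = {
    "v1": "MetaSwap", "v2": "MetaSwap", "v3": "MetaSwap", "v4": "MetaSwap",
    "v5": "MetaSwap DAO",
    "v6": "independent-1", "v7": "independent-2",
    "v8": "independent-3", "v9": "independent-4",
}
# The five keys the article says were compromised.
COMPROMISED = ["v1", "v2", "v3", "v4", "v5"]


def min_operators_to_reach_quorum(operators, threshold):
    """Fewest distinct operators whose combined keys meet the threshold."""
    keys_per_operator = sorted(Counter(operators.values()).values(), reverse=True)
    held = 0
    for count, keys in enumerate(keys_per_operator, start=1):
        held += keys  # greedy: take the largest key holders first
        if held >= threshold:
            return count
    return None  # threshold exceeds the total number of keys


def approved_by_key_count(signers, operators, threshold):
    """Rule as described in the article: enough distinct validator signatures."""
    valid = {s for s in signers if s in operators}
    return len(valid) >= threshold


def approved_with_operator_diversity(signers, operators, threshold, min_operators):
    """Hypothetical stricter rule: signatures must also span several operators."""
    valid = {s for s in signers if s in operators}
    distinct_operators = {operators[s] for s in valid}
    return len(valid) >= threshold and len(distinct_operators) >= min_operators


if __name__ == "__main__":
    print("operators needed for quorum:",
          min_operators_to_reach_quorum(VALIDATOR_OPERATORS, THRESHOLD))
    print("key-count rule approves compromised set:",
          approved_by_key_count(COMPROMISED, VALIDATOR_OPERATORS, THRESHOLD))
    print("diversity rule (min 3 operators) approves it:",
          approved_with_operator_diversity(COMPROMISED, VALIDATOR_OPERATORS,
                                           THRESHOLD, min_operators=3))
```

With this key distribution the nominal 5-of-9 threshold reduces to two operators, which is the concentration a custody review should flag before it is tested by an intrusion.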
“It is worth reiterating that this was an unexpected vulnerability, and our company gives careful consideration to the reliability and security of the services that we offer,” says MetaSwap’s spokesperson.
Also, this project underwent open-source development while being reviewed by numerous specialists. Despite this fact, this incident occurred because there is no such thing as a perfect technology.
“Once we became aware of this hacking incident, we started investigating this matter right away and have implemented measures to resolve this vulnerability. We will strive to strengthen our security measures further moving forward and make an effort to improve the safety of our project to ensure that incidents like this never occur again,” adds the platform’s spokesperson.
“Lastly, with regard to compensation for affected users, we will establish an insurance fund and aim to compensate users using future business proceeds.”
The technical issues facing MetaSwap cannot be resolved by simply fixing a vulnerability.
As this incident has brought to light, the technical foundation for the product itself is unstable, and there is a need to put in a genuine effort toward regaining trust by implementing measures and updates that are sufficiently reliable moving forward.
Source: https://www.thecoinrepublic.com/2023/04/20/metaswap-hacking-incident-loss-of-38m-usd-for-incomplete-technology/