Telegram’s Maestro Bot Was Targeted By a $500K ETH Heist Due to a Contract Vulnerability

Key Points

  • Maestro experienced a theft of over 280 ETH worth $500,000 from its account as a result of a severe vulnerability.
  • Users have been assured that the problem has been fixed and that reimbursements will be issued shortly.

Hackers took advantage of the account’s proxy architecture for upgradability to gain access to Telegram’s Maestro bot account and steal $500,000 in Ether.

What occurred?

Maestro, one of the ecosystem’s major Telegram bot projects, experienced a significant security compromise in its Router2 contract, resulting in the illicit movement of more than 280 ETH ($500,000) from user accounts. PeckShield, a security organization, stated on Twitter that the 280 ETH were transferred to the cross-chain trade platform Railgun in order to create ambiguity in tracing their origin.

According to The Block, the contract, which was primarily intended to govern logic for token swaps, was subject to arbitrary calls from attackers, resulting in unlawful asset transfers.

While the problem is being resolved, token access in liquidity pools on certain DEXs will be temporarily unavailable. Tokens in the SushiSwap, ShibaSwap, and ETH PancakeSwap pools will be inaccessible for the time being as the firm conducts an internal assessment.

The group stated the following: “We’ll update the community as soon as we’re ready to process the refunds (hopefully within the day).”

Maestro promptly replaced the Router2 contract’s logic with a benign Counter contract after discovering the issue, effectively freezing all router activities and stopping any additional illicit transfers.

What Caused It?

According to The Block, the Router2 contract used a proxy design that allowed modifications to the contract logic without changing its address, primarily for upgradability. However, the design was incapable of protecting the contract from arbitrary and illegal calls, allowing attackers to launch “transferFrom” transactions between any approved addresses.

To perform an illicit transfer, an attacker could pass a token address to the Router2 contract, set the function to “transferFrom,” and list the victim’s address as the sender and their own as the recipient.
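The mechanism described above can be modelled offline. The following is an added example, not Maestro's contract code: a toy Python ledger in which the token sees the router as the caller, run once with an unguarded router and once with a hypothetical guard that rejects a forwarded "transferFrom" whose sender is not the caller. All addresses, class names and the guard itself are assumptions made for illustration.

```python
# Added example: toy model, not Maestro's code. All addresses are constructed.
TRANSFER_FROM = bytes.fromhex("23b872dd")  # selector of transferFrom(address,address,uint256)
ROUTER, VICTIM, CALLER = ("0x" + b * 20 for b in ("aa", "bb", "cc"))

def encode_transfer_from(src, dst, amount):
    pad = lambda addr: bytes(12) + bytes.fromhex(addr[2:])  # left-pad address to 32 bytes
    return TRANSFER_FROM + pad(src) + pad(dst) + amount.to_bytes(32, "big")

def decode_transfer_from(data):
    """Return (from, to, amount), or None when data is not a transferFrom call."""
    if data[:4] != TRANSFER_FROM:
        return None
    if len(data) < 100:
        raise ValueError("truncated transferFrom calldata")
    word = lambda i: data[4 + 32 * i: 36 + 32 * i]
    return "0x" + word(0)[12:].hex(), "0x" + word(1)[12:].hex(), int.from_bytes(word(2), "big")

class Token:
    """Minimal ERC-20-like ledger: allowances are keyed by (owner, spender)."""
    def __init__(self, balances, allowances):
        self.balances, self.allowances = dict(balances), dict(allowances)

    def call(self, msg_sender, data):
        decoded = decode_transfer_from(data)
        if decoded is None:
            raise NotImplementedError("toy token only implements transferFrom")
        src, dst, amount = decoded
        if min(self.allowances.get((src, msg_sender), 0), self.balances.get(src, 0)) < amount:
            raise PermissionError("insufficient allowance or balance")
        self.allowances[(src, msg_sender)] -= amount
        self.balances[src] -= amount
        self.balances[dst] = self.balances.get(dst, 0) + amount

def router_forward(caller, token, data, guarded):
    """Forward caller-supplied calldata; the token sees the router as msg.sender."""
    if guarded:
        decoded = decode_transfer_from(data)
        if decoded is not None and decoded[0] != caller:
            raise PermissionError("transferFrom source must be the caller")
    token.call(ROUTER, data)

def demo():
    """Owner's balance after a third party's forwarded call, per router variant."""
    remaining = {}
    for guarded in (False, True):
        token = Token({VICTIM: 100}, {(VICTIM, ROUTER): 100})
        try:
            router_forward(CALLER, token, encode_transfer_from(VICTIM, CALLER, 100), guarded)
        except PermissionError:
            pass  # guarded router refused the call
        remaining["guarded" if guarded else "unguarded"] = token.balances[VICTIM]
    return remaining
```

The guard shown is deliberately narrow; restricting which targets and functions a router will call at all is the broader control.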
© 2024 Crypto Caster provides information. CryptoCaster.world does not provide investment advice. Do your research before taking a market position on the purchase of cryptocurrency and other asset classes. Past performance of any asset is not indicative of future results. All rights reserved.