Telegram’s Maestro Bot Was Targeted By a $500K ETH Heist Due to a Contract Vulnerability

Key Points

  • Maestro experienced a theft of over 280 ETH worth $500,000 from its account as a result of a severe vulnerability.
  • The users have been assured that the problem has been fixed and that reimbursements will be issued shortly.

Attackers abused the upgradable proxy architecture of Maestro’s Router2 contract to move $500,000 in Ether out of the accounts of users of the Telegram bot.

CryptoCaster Quick Check:

What occurred?

Maestro, one of the ecosystem’s major Telegram bot projects, suffered a significant security compromise in its Router2 contract, resulting in the illicit movement of more than 280 ETH ($500,000) from user accounts. PeckShield, a security firm, stated on Twitter that the 280 ETH were transferred to the cross-chain trade platform Railgun to obscure their origin.


According to The Block, the contract, which was primarily intended to govern logic for token swaps, was subject to arbitrary calls from attackers, resulting in unlawful asset transfers.

While the problem is being resolved, token access in liquidity pools on certain DEXs will be temporarily unavailable. Tokens in the SushiSwap, ShibaSwap, and ETH PancakeSwap pools will be inaccessible for the time being as the firm conducts an internal assessment.


The group stated the following: “We’ll update the community as soon as we’re ready to process the refunds (hopefully within the day).”


Maestro promptly replaced the Router2 contract’s logic with a benign Counter contract after discovering the issue, effectively freezing all router activities and stopping any additional illicit transfers.


What Caused It?

According to The Block, the Router2 contract used a proxy design that allowed its logic to be modified without changing its address, primarily for upgradability. However, the design did nothing to restrict arbitrary and unauthorized calls, allowing attackers to make the router issue “transferFrom” transactions between any addresses that had approved it.

To perform an illicit transfer, an attacker could pass a token address to the Router2 contract, select the “transferFrom” function, and specify the victim’s address as the sender and their own as the recipient.
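As an added illustration that is not Maestro’s code (the page does not show Router2’s source), the following hypothetical Solidity contracts contrast the arbitrary-call forwarding pattern described above with a hardened router that pins the target, the function and the token sender; all contract, interface and function names are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function approve(address spender, uint256 amount) external returns (bool);
}

// Hypothetical DEX interface with one fixed swap entry point (assumed, not a real DEX ABI).
interface IDex {
    function swapExactTokens(address tokenIn, address tokenOut, uint256 amountIn, address to) external returns (uint256);
}

// Vulnerable pattern (hypothetical, not Maestro's Router2): a generic forwarder where the
// caller chooses both the target and the calldata. Users have approved this contract to
// spend their tokens, so any caller can make it invoke token.transferFrom(victim, attacker, amount).
contract VulnerableRouter {
    function execute(address target, bytes calldata data) external returns (bytes memory) {
        (bool ok, bytes memory ret) = target.call(data); // arbitrary target and selector
        require(ok, "call failed");
        return ret;
    }
}

// Hardened pattern: no caller-supplied target or calldata. The router only pulls tokens
// from msg.sender, only hands them to an allowlisted DEX, and only through one known function.
contract HardenedRouter {
    address public immutable owner;
    bool public paused;
    mapping(address => bool) public allowedDex;

    constructor() { owner = msg.sender; }

    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }

    function setDex(address dex, bool allowed) external onlyOwner { allowedDex[dex] = allowed; }
    // Emergency stop: the same effect Maestro achieved by swapping the proxy's logic for a benign contract.
    function setPaused(bool p) external onlyOwner { paused = p; }

    function swap(address dex, address tokenIn, address tokenOut, uint256 amountIn) external returns (uint256 out) {
        require(!paused, "paused");
        require(allowedDex[dex], "dex not allowed");
        // "from" is always the caller: nobody can spend another user's approval through this router.
        require(IERC20(tokenIn).transferFrom(msg.sender, address(this), amountIn), "pull failed");
        require(IERC20(tokenIn).approve(dex, amountIn), "approve failed");
        // The router only ever invokes one known selector on a known contract, and pays out to the caller.
        out = IDex(dex).swapExactTokens(tokenIn, tokenOut, amountIn, msg.sender);
    }
}
```

The key defensive property is that every token movement the router performs names msg.sender as the source, so a user’s approval can only ever be spent by that user.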


Kristin Steinbeck
Editor, CryptoCaster


© 2024 Crypto Caster provides information. CryptoCaster.world does not provide investment advice. Do your research before taking a market position on the purchase of cryptocurrency and other asset classes. Past performance of any asset is not indicative of future results. All rights reserved.