Telegram’s Maestro Bot Was Targeted By a $500K ETH Heist Due to a Contract Vulnerability


Key Points

  • Maestro experienced a theft of over 280 ETH worth $500,000 from its account as a result of a severe vulnerability.
  • Users have been assured that the problem has been fixed and that reimbursements will be issued shortly.

Hackers took advantage of the account’s proxy architecture for upgradability to gain access to Telegram’s Maestro bot account and steal $500,000 in Ether.

CryptoCaster Quick Check:

What occurred?

Maestro, one of the ecosystem’s major Telegram bot projects, experienced a significant security compromise in its Router2 contract, resulting in the illicit movement of more than 280 ETH ($500,000) from user accounts. PeckShield, a security organization, stated on Twitter that the 280 ETH were transferred to the cross-chain trade platform Railgun in order to create ambiguity in tracing their origin.


According to The Block, the contract, which was primarily intended to govern logic for token swaps, was subject to arbitrary calls from attackers, resulting in unlawful asset transfers.

While the problem is being resolved, token access in liquidity pools on certain DEXs will be temporarily unavailable. Tokens in the SushiSwap, ShibaSwap, and ETH PancakeSwap pools will be inaccessible for the time being as the firm conducts an internal assessment.


The group stated the following: “We’ll update the community as soon as we’re ready to process the refunds (hopefully within the day).”


Maestro promptly replaced the Router2 contract’s logic with a benign Counter contract after discovering the issue, effectively freezing all router activities and stopping any additional illicit transfers.


What Caused It?

According to The Block, the Router2 contract used a proxy design that allowed modifications to the contract logic without changing its address, primarily for upgradability. However, the design was incapable of protecting the contract from arbitrary and illegal calls, allowing attackers to launch “transferFrom” transactions between any approved addresses.

To perform an illicit transfer, an attacker could pass a token address to the Router2 contract, set the function to “transferFrom,” and list the victim’s address as the sender and their own as the recipient.
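The check that was missing, as an added example (not Maestro's code or its fix): before forwarding a call to a token, a router can allowlist the selector and require that the `transferFrom` sender is the caller itself. The function names and addresses here are constructed for illustration.

```python
# Added illustration, not Maestro's code. Addresses are constructed sample values.
TRANSFER_FROM = bytes.fromhex("23b872dd")  # transferFrom(address,address,uint256)

VICTIM = "0x" + "11" * 20    # constructed: a user who approved the router
ATTACKER = "0x" + "22" * 20  # constructed: an unrelated caller


def _word(addr_or_int) -> bytes:
    """ABI-encode one static argument as a 32-byte big-endian word."""
    if isinstance(addr_or_int, str):
        return bytes.fromhex(addr_or_int[2:]).rjust(32, b"\x00")
    return addr_or_int.to_bytes(32, "big")


def encode_transfer_from(sender: str, recipient: str, amount: int) -> bytes:
    """Build calldata for transferFrom(sender, recipient, amount)."""
    return TRANSFER_FROM + _word(sender) + _word(recipient) + _word(amount)


def check_forwarded_call(caller: str, calldata: bytes):
    """Return (allowed, reason) for a call the router is asked to forward to a token."""
    if len(calldata) < 4:
        return False, "missing selector"
    if calldata[:4] != TRANSFER_FROM:
        # Fail closed: anything not explicitly allowlisted is never forwarded.
        return False, "selector not allowlisted"
    args = calldata[4:]
    if len(args) < 96:
        return False, "truncated arguments"
    sender_word = args[:32]
    if sender_word[:12] != b"\x00" * 12:
        return False, "malformed address"
    sender = "0x" + sender_word[12:].hex()
    # The router may only pull tokens from the account that is calling it.
    if sender != caller.lower():
        return False, "from != caller"
    return True, "ok"


if __name__ == "__main__":
    pull = encode_transfer_from(VICTIM, ATTACKER, 10**18)
    print(check_forwarded_call(VICTIM, pull))
    print(check_forwarded_call(ATTACKER, pull))
```
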


Kristin Steinbeck
Editor, CryptoCaster

© 2024 Crypto Caster provides information. CryptoCaster.world does not provide investment advice. Do your research before taking a market position on the purchase of cryptocurrency and other asset classes. Past performance of any asset is not indicative of future results. All rights reserved.
