Metaverse platform MetaPoint ($META) recently experienced an exploit on its POT smart contract.
The attack took place on April 11, with the loss of 2,515 BNB tokens worth $1 million. The threat actor has moved these assets into Tornado Cash, an asset mixer, in an attempt to obscure the recipients' addresses and evade tracing. MetaPoint has acknowledged the exploit and released an official statement about the incident, however, the project has not disclosed plans for a refund or reparation scheme for affected users.
â ï¸ As you may already know, the POT contract has been hacked.— MetaPoint (@MetaPoint1024) April 12, 2023
ð Stop all interactions with it.
The Foundation's action plan:
MetaPoint is a metaverse platform where users can participate in various activities within a virtual environment, such as socializing, playing games, attending events, and engaging in commercial ventures. The platform boasts a unique trading strategy and an updated automated market maker (AMM) mechanism that allows players to immerse themselves in the metaverse while interacting with its decentralized ecosystem.
The recent hack involved the exploitation of the POT smart contract on the MetaPoint platform. When users deposit assets, the platform automatically creates a new contract where the funds are sent. The hackers took advantage of this process, diverting deposits to their own smart contract instead of the primary contract.
Following the attack, the MetaPoint team reported the incident and suspended all activities on their channels. The team at MetaPoint claims that they have identified the vulnerabilities and are currently developing solutions. The losses could have been significantly higher if the attack had continued for a more extended period.
yannickcrypto.eth made made the initial disclosure, revealing details of the exploit on Twitter.
Actually METAPOINT getting hacked.— yannickcrypto.eth (@YannickCrypto) April 11, 2023
When a user use the deposit function, the transaction creates a new contract and deposit the token into this contract.
The problem is, that this contract have a function called `approve` that gives the caller of the function access to the… pic.twitter.com/CUyebkzB6b
The disclosure was promptly by blockchain security firm PeckShield. According to MetaPoint, it is now undergoing a security audit, a process that would take between 3-7 days.
Once a booming sector in the tech industry, interest in metaverse platforms from major corporations has waned in recent months. closed its metaverse experience on Roblox, and Meta (formerly Facebook) has in the space. Web3-based metaverse projects, such as , have also struggled. However, some countries, like Japan, still in this domain and continue to explore its possibilities.
The MetaPoint hack underscores the need for increased security measures within the crypto and metaverse industries. This incident follows a series of high-profile attacks that have compromised various platforms in recent years, raising questions about the safety and reliability of such platforms.
Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.