MetaPoint $POT Exploited for $1 million in $BNB

Metaverse platform MetaPoint ($META) recently experienced an exploit on its POT smart contract.

The attack took place on April 11, with the loss of 2,515 BNB tokens worth $1 million. The threat actor has moved these assets into Tornado Cash, an asset mixer, in an attempt to obscure the recipients' addresses and evade tracing. MetaPoint has acknowledged the exploit and released an official statement about the incident, however, the project has not disclosed plans for a refund or reparation scheme for affected users.

⚠️ As you may already know, the POT contract has been hacked.

🛑 Stop all interactions with it.

The Foundation's action plan:
1/

— MetaPoint (@MetaPoint1024) April 12, 2023

MetaPoint is a metaverse platform where users can participate in various activities within a virtual environment, such as socializing, playing games, attending events, and engaging in commercial ventures. The platform boasts a unique trading strategy and an updated automated market maker (AMM) mechanism that allows players to immerse themselves in the metaverse while interacting with its decentralized ecosystem.

The recent hack involved the exploitation of the POT smart contract on the MetaPoint platform. When users deposit assets, the platform automatically creates a new contract where the funds are sent. The hackers took advantage of this process, diverting deposits to their own smart contract instead of the primary contract.

Following the attack, the MetaPoint team reported the incident and suspended all activities on their channels. The team at MetaPoint claims that they have identified the vulnerabilities and are currently developing solutions. The losses could have been significantly higher if the attack had continued for a more extended period.

yannickcrypto.eth made made the initial disclosure, revealing details of the exploit on Twitter.

Actually METAPOINT getting hacked.

When a user use the deposit function, the transaction creates a new contract and deposit the token into this contract.

The problem is, that this contract have a function called `approve` that gives the caller of the function access to the… pic.twitter.com/CUyebkzB6b

— yannickcrypto.eth (@YannickCrypto) April 11, 2023

The disclosure was promptly corroborated by blockchain security firm PeckShield. According to MetaPoint, it is now undergoing a security audit, a process that would take between 3-7 days.

Once a booming sector in the tech industry, interest in metaverse platforms from major corporations has waned in recent months. Walmart closed its metaverse experience on Roblox, and Meta (formerly Facebook) has scaled back its ambitions in the space. Web3-based metaverse projects, such as Decentraland and The Sandbox, have also struggled. However, some countries, like Japan, still see potential in this domain and continue to explore its possibilities.

The MetaPoint hack underscores the need for increased security measures within the crypto and metaverse industries. This incident follows a series of high-profile attacks that have compromised various platforms in recent years, raising questions about the safety and reliability of such platforms.

Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.