Maestro Telegram bot breached 280 ETH stolen in smart Contract flaw


Share link:

In this post:

  • Hackers recently infiltrated the Maestro Telegram trading bot through a smart contract flaw, stealing 280 Ethereum (ETH) valued at approximately $500,000.
  • The breach extended beyond Ethereum, affecting the JOE token market by triggering a phishing scheme that compromised 37 million JOE tokens.
  • The Maestro team quickly countered the security lapse, implementing stronger safeguards and assuring the community of enhanced security measures.

Hackers recently exploited a smart contract vulnerability in the Maestro Telegram trading bot, leading to the theft of 280 Ethereum (ETH), roughly equivalent to $500,000. The attack pinpointed an external call flaw within the Maestro Router 2 smart contract, as detailed by blockchain security firm Beosin on Twitter. The perpetrators manipulated the contract’s transfer function, effectively siphoning users’ tokens to their wallets.

Furthermore, the incident’s repercussions extended to a substantial phishing operation, compromising 37 million JOE tokens. The information, relayed by blockchain analytics authority PeckShield, highlighted the gravity of the security breach. The JOE token market reacted promptly, plummeting by over 30%, exacerbating the situation due to Maestro’s inability to procure JOE tokens for user reimbursement owing to liquidity constraints.

However, amidst the turmoil, the hackers opted for an extra veil of anonymity by moving the stolen ETH to Railgun, a privacy tool in the cryptocurrency realm known for obscuring transaction particulars.

Responding swiftly, the Maestro team initiated corrective measures, fortifying their systems against such vulnerabilities. They assured users through communication on Twitter that the updated router was now secure from exploits. However, they also temporarily paused trading activities involving tokens pooled on several other swap platforms, including SushiSwap, ShibaSwap, and ETH PancakeSwap.

In an encouraging move, Maestro undertook the responsibility of refunding affected parties. They opted to purchase the actual tokens to ensure a fair and comprehensive refund over merely transferring ETH to the victims. This decision covered most impacted tokens, marking a commitment to equitable resolution.

Despite the prompt remedial actions, this incident underscores the inherent risks of trading bots that require users to relinquish their private keys. Such practices starkly contradict the decentralized finance adage – “not your keys, not your coins.” It signifies a trade-off between potential profits and the peril of exposing one’s private keys, the cryptographic equivalent of handing over the keys to one’s vault.

Though confined to the router component and not compromising wallet credentials, the exploit has prompted a wave of caution within the crypto community. It is a stark reminder of the lurking vulnerabilities within complex systems and the constant vigilance necessary to safeguard digital assets.

Disclaimer. The information provided is not trading advice. Cryptopolitan.com holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decision.

Share link:

Most read

Loading Most Read articles...

Stay on top of crypto news, get daily updates in your inbox

Related News

Subscribe to CryptoPolitan