Telegram bot Maestro refunds 610 ETH to users affected by hack

The largest crypto-focused Telegram Bot project, Maestro, fell victim to a 280 ETH hack and had to return a total of 610 ETH to its clients.

According to Twitter, Maestro’s Router 2 on the Ethereum Mainnet was compromised, resulting in the unauthorized siphoning of various tokens.

The team reported identifying and neutralizing the exploit within 30 minutes, utilizing the router’s upgradeable proxy feature. This feature not only facilitates the addition of new functionalities but also serves as a protective mechanism against potential exploits. The team assures users that the router is now completely secure, and there is no need to revoke approvals or cease interactions with the router. They also emphasize that wallet credentials remain safe and are not at risk.

The attacker managed to extract 280 ETH through token sales before being permanently shut down. In the aftermath, Maestro initiated a refund strategy. Users who lost tokens during the exploit received total compensation, with some even receiving more than their initial holdings.

For the majority of the exploited tokens, the team opted to purchase and refund them directly. For two specific tokens with insufficient liquidity, affected users were compensated with an enhanced ETH equivalent. The entire refund process, costing a total of 610 ETH, was completed within 10 hours of the exploit.

Maestro’s team expressed their apologies for the incident and reiterated their commitment to user safety and satisfaction. The team confirmed that trading can now resume without any disruptions. Nonetheless, tokens associated with SushiSwap, ShibaSwap, and ETH PancakeSwap pools will remain temporarily unavailable as a precautionary measure.

You might also like: Telegram’s IPO preparation presentation leaked online

Telegram bot Maestro hack: details

Maestro fell victim to a security breach resulting in the theft of more than 280 ETH, valued at approximately $500,000. 

Blockchain reporter Colin Wu revealed the breach on Twitter. The vulnerability, an external call flaw in the Maestro Router 2 contract, was swiftly exploited by cyber attackers.

According to Wu, the exploit allowed the perpetrators to make off with a considerable sum in ETH. While the Telegram bot project has since resolved the issue, there were some temporary disruptions in its associated platforms.

PeckShield also shed light on the extent of the hack. Notably, the hacker purloined around 37 million JOE coins, despite the pool having only 26 million JOE available. This move had a cascading effect, leading to a price impact of -30 on swaps involving JOE.

The recent Maestro contract exploit is the latest in a long line of crypto-focused hacks that have plagued the crypto scene throughout this year. In a shocking case this month, a hacker manipulated the BH Token on BNB Chain to create an arbitrage opportunity, making off with $1.2 million.

Read more: How blockchain security experts investigate hacks | Interview
Follow Us on Google News

Comments

Post a Comment

Popular posts from this blog

Grayscale Investments Files for 3 New Exchange Traded Funds

On May 9, digital currency fund manager Grayscale Investments announced the establishment of the Grayscale Funds Trust and submitted registration filings for three exchange-traded funds with the U.S. Securities and Exchange Commission. Grayscale Introduces Grayscale Funds Trust and Files for 3 ETFs As the leading digital currency fund manager, in terms of assets under management (AUM), Grayscale Investments unveiled the Grayscale Funds Trust launch. The trust is a Delaware statutory trust structure designed to strengthen the company’s worldwide asset management capabilities. “A registration statement relating to Grayscale Funds Trust has been filed with the SEC but has not yet become effective,” Grayscale stated on Tuesday. Grayscale highlighted that they had previously established Grayscale Advisors, an SEC-registered investment advisor, which will serve as the new trust’s advisor. Besides the trust, Grayscale has also filed a registration statement for three additional funds. Thes
Read more

SlowMist Uncovers Fraudulent ImToken Wallet on Third-party Stores

The SlowMist Security Team has investigated and analyzed fake Web3 wallets from third -party app stores, warning users about the dangers of downloading wallet apps from questionable sources. In a recent tweet, the team shared their findings and urged users to stay vigilant in enhancing their security awareness when using wallets in the blockchain space. Investigation and Analysis of Fake #Web3 Wallets from Third -party A thread about the risks of using third -party app stores and the dangers of fake wallets in the #blockchain space. Full article here https://t.co/lYNDnM7Qzj — SlowMist (@SlowMist_Team) April 26, 2023 According to the team, third -party app stores like apkcombo and uptodown pose significant risks as anyone can publish apps with minimal cost, making phishing attacks more accessible. The team found a fraudulent version of the well-known imToken wallet on apkcombo, which transmits sensitive data, like mnemonics, to the attacker’s server. The report
Read more

Binance Breaks New Ground with Japan Launch, BNB Token to Take Center Stage

Image
BNB Token To Debut In Japan The cryptocurrency behemoth’s “Build and Build ( BNB )” exchange token, a native token of the BNB chain with broad usage on the Binance exchange, will launch in the Japanese market. The creation of this coin demonstrates Binance ’s strategic goal to target seasoned users. advertisement A variety of decentralized finance (DeFi) and Web 3-based blockchain-based game stocks, such as Solana (SOL), Aster (ASTR), Avalanche (AVAX), Jasmy (JASMY), and Axie (AXS), will be included in the cryptocurrency choices on sale. Domestic unlisted concerns that are not already managed by other exchanges are still being considered, despite not being included in the most recent notification. Binance Japan will not allow leveraged trading, which often entails using margins to purchase and sell assets repeatedly. This is a divergence from several of its rivals. Binance would need to meet stringent requirements to obtain a “Type 1 Financial Instruments Bu
Read more