- Maestro, a popular Telegram-based crypto project, experienced a significant security breach today.
- Over $500,000 worth of unauthorized asset transfers resulted from the exploit.
- The breach was caused by a critical vulnerability in Maestro’s Router2 contract.
The popular Telegram-based crypto project Maestro fell victim to a devastating security exploit earlier today, resulting in over $500,000 worth of unauthorized asset transfers.
The breach occurred due to a critical vulnerability in Maestro’s Router2 contract that enabled attackers to initiate arbitrary token transfers from user accounts. According to PeckShield, over 280 ETH was drained from the protocol and sent to the decentralized exchange Railgun in an attempt to launder the stolen funds.
At its core, the issue stemmed from the contract’s proxy design, which allowed logic changes without altering its address. Attackers exploited this to arbitrarily call the “transferFrom” function and siphon tokens from approved addresses to their own wallets.
Maestro team responds quick
Within 30 minutes of detecting the attack, the Maestro team replaced the Router2 contract code to freeze router operations and prevent further exploits. However, the team noted that assets in select DeFi pools will temporarily remain inaccessible during their ongoing investigation.
Maestro has confirmed the vulnerability is now resolved but continues to assess the damage from the breach. The project has promised to refund affected users and provide updates within the day.
As one of Telegram’s largest crypto bot ecosystems, Maestro commands a sizable user base and integrations across DeFi. The exploit showcases the pressing need for robust security practices, even among established projects.
Maestro’s rapid response contained the breach, but the event may still shake trust in the fledgling protocol. Going forward, the project must provide full transparency and take proactive measures to reassure users of its security measures.
The case exemplifies the lurking risks surrounding new DeFi protocols and code. Without rigorous audits and formal verification, vulnerabilities can easily slide under the radar, exposing projects to attacks and substantial losses.