Hackers Steal Over 280 Ethereum from Maestro Trading Bot
If you use the Telegram trading bot Maestro, you might want to be cautious. Hackers have managed to steal more than 280 Ethereum (ETH) due to an exploit in the bot’s smart contract. While these trading bots are designed to automate on-chain trading and farming, some wallets require users to share their private keys, which raises concerns about security.
Maestro Router 2 Contract Vulnerable to External Call Attack
Blockchain security firm Beosin reported on Twitter that attackers exploited an external call vulnerability in the Maestro Router 2 smart contract, allowing them to steal around 280 ETH (worth $500,000). By passing in a token address and supplying a transferFrom call whose arguments were the victim’s address and the attacker’s own address, the attackers were able to have the router transfer the victim’s tokens to the attacker’s address.
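The check below is an added example, not Maestro's or Beosin's code: it decodes calldata that a caller asks a router to forward to a token and reports when an ERC-20 transferFrom would move tokens that do not belong to the caller, which is the pattern described above. It assumes victims had approved the router to spend their tokens; the function names, verdict strings and sample addresses are constructed for illustration.

```python
# Added example: classify forwarded calldata that moves a third party's tokens.
TRANSFER_FROM = bytes.fromhex("23b872dd")  # transferFrom(address,address,uint256)


def encode_transfer_from(owner: str, to: str, amount: int) -> bytes:
    """Build ABI calldata for transferFrom (used for the constructed samples)."""
    words = [bytes.fromhex(a[2:]).rjust(32, b"\x00") for a in (owner, to)]
    return TRANSFER_FROM + b"".join(words) + amount.to_bytes(32, "big")


def decode_transfer_from(calldata: bytes):
    """Return (owner, to, amount), or None if the selector is not transferFrom."""
    if calldata[:4] != TRANSFER_FROM:
        return None
    args = calldata[4:]
    # Three 32-byte words; an address word has 12 zero bytes of left padding.
    if len(args) != 96 or any(args[0:12]) or any(args[32:44]):
        raise ValueError("malformed transferFrom arguments")
    owner = "0x" + args[12:32].hex()
    to = "0x" + args[44:64].hex()
    return owner, to, int.from_bytes(args[64:96], "big")


def check_forwarded_call(caller: str, calldata: bytes) -> str:
    """Classify calldata that `caller` asked a router to forward to a token."""
    try:
        decoded = decode_transfer_from(calldata)
    except ValueError:
        return "malformed"
    if decoded is None:
        return "not_transfer_from"  # outside the scope of this check
    owner, _to, _amount = decoded
    # The router is the approved spender, so a forwarded transferFrom is only
    # expected when the tokens being moved belong to the caller.
    return "own_tokens" if owner == caller.lower() else "third_party_tokens"


# Constructed sample addresses (not real accounts).
USER = "0x" + "11" * 20
OTHER = "0x" + "22" * 20

if __name__ == "__main__":
    print(check_forwarded_call(USER, encode_transfer_from(USER, OTHER, 10**18)))
    print(check_forwarded_call(OTHER, encode_transfer_from(USER, OTHER, 10**18)))
```

The same decoding can be run over the input data of historical router transactions to list calls where the token owner and the transaction sender differ.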
Phishing Wallet Steals 37 Million JOE Tokens
Another blockchain analysis firm, PeckShield, informed users that a phishing wallet stole 37 million JOE tokens through the exploit. As a result, the price of JOE dropped by over 30%. Unfortunately, Maestro cannot buy JOE tokens and refund users due to the lack of liquidity.
The attacker transferred the stolen ETH to Railgun, a crypto privacy tool that hides transaction details.
The Maestro team quickly addressed the exploit and updated their router to a safe implementation. Trading has resumed, but tokens with pools on SushiSwap, ShibaSwap, and ETH PancakeSwap will be temporarily unavailable.
Maestro refunded all affected users by purchasing the tokens and sending them to the victims’ wallets. They chose to buy and refund tokens instead of simply sending ETH for a more equitable and complete refund.
Maestro Earned Over $20 Million in 2023
In May 2023, it was reported that the Maestro trading bot earned $5 million in monthly commission. By 2023, it had collected over $20 million in fees. While the bot can help traders earn profits, it requires users to reveal their private keys, which goes against the decentralized ethos of “not your keys, not your coins.”
Although the attack on Maestro is concerning, the team clarified that only the router was targeted and wallet credentials were not compromised.
Hot Take: Cautionary Tale for Trading Bot Users
The recent attack on the Maestro trading bot serves as a cautionary tale for users of such bots. While they can offer convenience and potential profits, trusting these bots with your private keys can be risky. The decentralized ecosystem emphasizes the importance of keeping control over your own keys to ensure the security of your assets. It’s crucial to carefully consider the security measures and reputation of any trading bot before using it. Stay informed and stay safe in the world of crypto trading.