Telegram Bot giant Maestro, faced an exploit attack on its Maestro Router 2 contract that left approximately 280 Ethereum at stake. This incident sparked an immediate and forceful response from the Maestro team, ensuring the safety of its users.
The narrative begins when Maestro Router 2 suffered an exploit on the Ethereum mainnet. This event allowed attackers to steal a substantial amount of ETH in the form of tokens. The vulnerability was exploited and it is estimated that around 280 ETH were stolen.
The news was quickly covered by the crypto community and Wu Blockchain provided the following statement on the case through X.
There is an external call vulnerability in the Maestro Router 2 contract of Maestro, the largest Telegram Bot project, which has been exploited by attackers to steal more than 280 ETH. Maestro has issued a statement stating that the issue has been resolved, but tokens in the…
— Wu Blockchain (@WuBlockchain) October 25, 2023
However, Maestro’s skill and technology played a crucial role in solving the problem. In less than 30 minutes, the Maestro team identified and completely removed the exploit, taking advantage of an upgradeable router contract to efficiently patch it.
Exploit stopped, Maestro Committed to Compensating Losses
The refund strategy was comprehensive and fair: all users who lost tokens will receive a full refund of their losses, whether in tokens or ETH.
➡️ The router exploit has been fully identified and dealt with.
Our router has been updated to a safe, exploit-free implementation. Trading can resume as normal, but tokens with pools on SushiSwap, ShibaSwap, and ETH PancakeSwap will be temporarily unavailable.
— Maestro🤖🤖 (@MaestroBots) October 25, 2023
The Maestro team remained true to their commitment to protect users affected by the Maestro Router 2 contract exploit, as they announced on X (formerly Twitter) on October 25.
According to the statement, Maestrobots shelled out a total of 610 ETH of its own revenue to cover all user losses, a sum that at the time of writing exceeds $1 million.
Maestro’s focus on fairness and comprehensiveness was reflected in the way they approached refunds: wallets that lost tokens received the full amount they had lost, and for the majority of affected tokens, Maestro opted to purchase and refund the tokens instead of sending ETH, an approach that allowed users to regain full control over their assets.
Through this effort, Maestro spent a total of 276 ETH to secure its users’ tokens. The remaining two tokens, Joe (JOE) and Lockheed Martin Inu (LMI), received refunds in ETH due to lack of liquidity to buy back the lost tokens, and these refunds were increased by 20% as a gesture of support to users affected.
Blockchain security company CertiK confirmed the transparency of these operations by detecting transactions showing refunds of 334 ETH paid to users by Maestro.
This commitment and focus on security and integrity highlights Maestro’s determination to do right by its users, even when facing significant challenges in the crypto space.