The Telegram trading bot Maestro has refunded 610 ETH to its users following a hack of its Router 2 contract. The exploit occurred on October 24th and allowed the attacker to steal about 280 ETH ($500k) before the team halted the contract.
Sniper bots, aiming for faster execution, use their own Router smart contracts that link directly to Uniswap trading pairs. Beosin, a smart contract auditor, pointed out that Maestro's Router 2 contract, which had only recently been deployed, had a flaw in its transfer function. This flaw allowed the attacker to move tokens from victims' wallets to their own.
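The pattern described above, as an added illustration that is not Maestro's code and does not reproduce its actual bug: a router that users have approved to spend their tokens, with a transfer function whose `from` parameter is caller-controlled, beside a hardened version that only ever pulls from `msg.sender` and can be paused by the team. The contract and function names are assumptions for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Illustrative only. Users approve the router so it can swap on Uniswap pairs
// quickly. If a public function lets the caller choose `from`, every outstanding
// approval becomes a drain vector: anyone can name a victim's address and move
// up to the victim's approved balance.
contract VulnerableRouter {
    function transferForSwap(address token, address from, address to, uint256 amount) external {
        // BUG: `from` is caller-controlled; the router spends another user's allowance.
        require(IERC20(token).transferFrom(from, to, amount), "transfer failed");
    }
}

// Hardened version: tokens can only be pulled from msg.sender and only into the
// router itself, so an approval is usable solely by the wallet that granted it.
// An owner-controlled pause mirrors the "halt the contract" response in the article.
contract HardenedRouter {
    address public immutable owner;
    bool public paused;

    constructor() { owner = msg.sender; }

    modifier whenNotPaused() {
        require(!paused, "router paused");
        _;
    }

    function setPaused(bool p) external {
        require(msg.sender == owner, "not owner");
        paused = p;
    }

    function transferForSwap(address token, uint256 amount) external whenNotPaused {
        require(IERC20(token).transferFrom(msg.sender, address(this), amount), "transfer failed");
        // ... swap logic would follow here, operating only on funds the caller supplied
    }
}
```

Affected users' own mitigation is to revoke any ERC-20 allowance granted to a compromised router, since the approval, not the wallet key, is what the flaw abuses.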
While some speculate the attack might have been an inside job, Maestro has not officially confirmed that to be the case. After the hack, the attacker transferred 280 ETH to a crypto privacy tool, aiming to hide their tracks.
The Maestro team responded swiftly to the hack, fixing and relaunching the contract soon after the incident. They also fully compensated the affected users. For 9 of the 11 exploited tokens, the team opted to buy back and return the tokens rather than merely sending ETH, as they believed this offered a fairer and more complete reimbursement.
However, some tokens had insufficient liquidity for the team to buy back the lost amounts. Users of these tokens were compensated in ETH instead. For example, the attacker stole 30 million JOE tokens, but the Uniswap liquidity pool contained only 24 million JOE.
Furthermore, the affected users were given an additional 20% of the ETH equivalent of their tokens as a goodwill gesture. The total cost of these refunds was 334 ETH. In total, the team spent 610 ETH (over $1 million) to address the aftermath of the hack.
Interestingly, the team stated that only the Router was affected by the hack, and none of the wallets were compromised. Wallets are the Achilles' heel of these trading bots, as the team retains control of the private keys for users' wallets. If the database where these private keys are stored had been hacked, the consequences could have been far more severe.