Maestro Telegram Bot Compromised: 280 ETH Stolen

Maestro Telegram trading bot

Maestro, a leading Telegram bot project, recently faced a security vulnerability resulting in the loss of 280 ETH.

On October 25th, a loophole was discovered in Maestro’s Router2 contract, altering the “transferFrom” command to make the victim’s address the sender and the hacker’s address the recipient. This led to the theft of over 280 ETH (approximately $500,000) from the user’s account.

According to PeckShield, the hacker then transferred the stolen funds to the cross-chain Railgun to obfuscate the source.

Roughly 30 minutes after the initial discovery of the breach, Maestro acted quickly and replaced the Router2 contract’s logic with a benign Counter contract, effectively freezing all router operations and curbing any further unauthorized transfers.

Maestro confirmed that the vulnerability has been resolved. However, tokens in SushiSwap, ShibaSwap, and ETH PancakeSwap pools will remain temporarily unavailable as the company continues its internal review.

The team added that it would refund affected users. “We’ll update the community as soon as we’re ready to process the refunds (hopefully within the day),” it said.

Maestro, established in 2022, is one of the pioneering Telegram bot projects, enabling traders to execute orders, monitor wallets, and track markets conveniently within Telegram.

Table of Contents

Share This Article:

Chi Do
Chi Do
Chi Do is a content writer at CoinMinutes, responsible for creating most of the content on the website, including news related to Bitcoin (BTC), Ethereum (ETH), Blockchain, Decentralized Finance (DeFi), and more. With a keen interest in cryptocurrencies since the 2020s, Chi has acquired extensive experience and knowledge in this field. Chi holds a Bachelor's degree in communication from Academy of Journalism and Communication in Vietnam.

Related Post