Thanks to low liquidity and swift action by the Meta Pool team, the attacker was only able to cash out around $132,000 in ETH before the smart contract was paused. Blockchain security firm PeckShield confirmed that the exploit stemmed from a critical bug in the staking contract.
June has seen a number of security incidents and enforcement actions in the crypto and cybercrime space so far. In another case, Polyhedra Network’s ZKJ token plunged by 83% after a coordinated liquidity attack and large-scale token dumping, wiping out half a billion dollars in market value. On a more positive note, Europol was able to shut down the notorious dark web market Archetyp after coordinated raids across six countries. Although the market’s takedown is a major win, blockchain analysts warn that illicit actors are becoming more agile by turning to encrypted platforms like Telegram and Signal.
Meta Pool Attack Thwarted
A recent exploit targeting the liquid staking platform Meta Pool resulted in a relatively limited loss for the attacker, who only managed to steal $132,000 worth of Ethereum (ETH) despite minting nearly $27 million in protocol tokens. According to a blog post from Meta Pool, the hacker exploited a vulnerability in the fast unstake feature, also known as flash unstaking, which bypasses the usual waiting period for unstaked assets. This allowed the attacker to mint 9,705 mpETH tokens, the platform's liquid staking derivative.
However, due to low liquidity in the mpETH swap pools and the swift response by Meta Pool’s team, the attacker was only able to exchange the tokens for 52.5 ETH before any more damage could be done. Blockchain security firm PeckShield confirmed that a critical bug in the staking contract enabled the minting of mpETH at no cost, but explained that the illiquid state of the pools sharply curtailed the attacker's profits. Meta Pool credited its early detection systems and quick action to pause the affected smart contract for minimizing the loss.
The attacker targeted pools on both the Ethereum mainnet and Optimism, but Meta Pool noticed that the Optimism pool in particular had low trading activity. This helped mitigate any potential harm. Importantly, the company assured its users that all Ethereum staked in the protocol remains safe and continues to earn rewards via the SSV Network operators.
Meta Pool plans to release a full post-mortem in the next two days and is developing a recovery plan, which includes reimbursing affected users and ensuring that they are made whole. The mpETH contract will stay paused during the ongoing investigation to prevent any additional security risks.
This incident adds to a growing list of crypto protocol breaches in June. Alex Protocol, a decentralized finance platform on the Stacks blockchain, suffered an $8.3 million loss on June 6 due to a flaw in its self-listing verification logic. Similarly, Taiwan-based crypto exchange BitoPro confirmed on June 2 that it lost more than $11.5 million in a hot wallet breach that took place on May 8.
ZKJ Token Crashes After Liquidity Attack
Another crypto project also recently suffered some challenges. Polyhedra Network attributed the 83% crash of its ZKJ token to a combination of coordinated liquidity attacks, major token deposits, and cascading liquidations.
(Source: Polyhedra)
On Sunday, the price of ZKJ fell from $1.92 to $0.32 in a matter of hours, wiping out around $500 million in market value. In a statement that was shared on Monday, Polyhedra pointed to five contributing factors, including large deposits of ZKJ from various wallets into centralized exchanges, aggressive sell-offs targeting a ZKJ/KOGE liquidity pool on PancakeSwap, and thin liquidity conditions that amplified the impact.
According to the investigation, the price drop was exacerbated by deposits from a wallet linked to market maker Wintermute, which transferred over 3.39 million ZKJ tokens into exchanges around the time of the crash. Polyhedra noticed that this activity coincided with a broader effort to withdraw liquidity from the ZKJ/KOGE pool, suggesting that the market depth was intentionally removed from a fragile pool with concentrated liquidity.
The project’s co-founder, Tiancheng Xie, criticized the KOGE token by claiming it “rugged all of us” in reference to the sell-offs that began in the ZKJ/KOGE pair. KOGE is a governance token associated with the BNB48 Club on Binance. However, a Binance Square user believed to be part of the KOGE team denied involvement in the incident, and pushed back against the blame directed at their project and Wintermute.
Europol Shuts Down Archetyp Dark Web Market
On the bright side, Europol successfully dismantled Archetyp Market, one of the longest-running dark web marketplaces, after a series of coordinated raids across six countries. The operation led to the takedown of the site’s main infrastructure in the Netherlands and the arrest of its alleged German administrator in Spain.
(Source: TRM Labs)
Authorities also apprehended a moderator and six of the platform’s top vendors in Germany and Sweden. Archetyp Market operated for five years and relied on the privacy-centric cryptocurrency Monero for its illicit transactions, which primarily involved drugs like cocaine, MDMA, amphetamines, and even synthetic opioids like fentanyl.
(Source: TRM Labs)
Europol stated that the investigation took years of meticulous work, including the tracking of complex financial flows, to finally bring down the marketplace. At its peak, Archetyp boasted more than 600,000 users, more than 17,000 product listings, and at least €250 million ($287 million) in total transaction volume. The agency likened the platform’s influence and longevity to notorious predecessors like Dream Market and Silk Road.
Despite this enforcement success, blockchain intelligence firm TRM Labs warned that the dark web ecosystem is still highly adaptive. In a report that was released Monday, TRM Labs shared that vendors and operators increasingly migrated to decentralized and encrypted platforms like Telegram and Signal, which offer faster transactions, lower fees, and reduced vulnerability to takedowns. These peer-to-peer setups complicate efforts by law enforcement to monitor and disrupt illegal activity.
The firm also shed some light on how dark web operators are using methods like pseudonymous domain registration, quick rebranding after shutdowns, and laundering funds through high-risk crypto exchanges to evade authorities. While Western marketplaces have sometimes resorted to exit scams or attempted rebrands after enforcement actions, full-scale rebuilds are reportedly becoming less common.
According to TRM Labs, the fall of Archetyp proved that law enforcement, with the help of advanced blockchain analytics, can disrupt deeply entrenched dark web platforms. However, the continued adaptability of these networks reinforces the need for real-time monitoring, cross-border collaboration, and technological innovation to counter emerging threats in the illicit online trade.
