How was the 15,000 cmETH stolen from Bybit recovered?
cmETH is a proof-of-stake asset circulating on layer2 networks, which will interact and combine with various layer2 protocols.Author: Haotian
In the asset tracking analysis report disclosed by SlowMist and the Cosine Security team yesterday, it was mentioned that a withdrawal of 15,000 cmETH was successfully blocked by the mETH Protocol, recovering a loss of $42 million. Many friends must be curious about what happened here?
The mETH Protocol is a liquid staking protocol launched on the Ethereum mainnet by the Mantle layer2 chain to allow users to earn native yields when depositing ETH on layer2. It is a liquid staking asset with a cumulative deposit volume second only to stETH, wBETH, and rETH.
Mantle, with mETH as its core focus, absorbs liquidity from various layer2 chains and has become an interactive liquidity scheduling center for layer2. One can imagine how strategically important mETH is to the Mantle chain.
cmETH is the re-staked asset of mETH, meaning users can re-stake their circulating mETH assets to exchange for cmETH assets. Compared to mETH, cmETH carries an additional re-staking leverage risk but can be mined in various layer2 campaign activities to earn its new governance token $COOK.
In short, cmETH is an asset representing rights circulating in the layer2 network, which interacts and combines with various layer2 protocols.
Due to this complex business interaction logic, the cmETH protocol has incorporated three key security mechanisms in its design:
- Address blacklist mechanism, which can quickly blacklist addresses marked as hackers to restrict their transfers or interactions with cmETH assets;
- Contract can be temporarily paused; in case of emergencies, the team has the authority to urgently pause withdrawal operations to prevent suspicious asset circulation;
- Delayed withdrawal mechanism, employing a FIFO (first in, first out) queue mechanism, with a built-in withdrawal delay of up to 7 days (this event is 8 hours), providing a cooling-off response time for the team to identify abnormal withdrawal behaviors on-chain.
Although it seems that a certain degree of decentralization has been sacrificed for security, it should be noted that cmETH is a re-staked (leveraged) asset built on top of mETH, primarily used as a rights certificate for mining in various DeFi protocols, and its security is crucial for the overall liquidity safety across cross-chain and cross-protocol systems.
At this stage, as an important component of the Mantle ecosystem, it is reasonable to consider and design additional security mechanisms to respond to hacker attacks and emergencies.
It was just unexpected that the design of cmETH did not play a role in the complex combinatorial ecosystem of on-chain DEX but instead made a significant contribution by intercepting assets for Bybit.
