The Maestro team, operators of a group of cryptocurrency bots on the popular Telegram messenger app, has refunded affected users a total of 610 ETH, equivalent to more than $1 million, to cover their losses. The refund followed a significant security breach that saw hackers abscond with 280 ETH.
The exploit, which targeted the Maestro Router 2 contract, occurred on October 24, causing concerns and disruptions within the Maestro community. However, in a reassuring announcement made on October 25 via the platform’s Twitter account, Maestrobots confirmed that every wallet that suffered losses during the router exploit had been made whole.
In a spirit of fairness and completeness, Maestro chose to refund affected users in multiple ways. For nine out of the 11 exploited tokens, Maestro opted to buy and return the tokens to their rightful owners rather than simply sending ETH. This approach, according to Maestro, was the most equitable way to provide compensation, costing them a total of 276 ETH to secure users’ tokens.
However, for the other two tokens, Joe (JOE) and Lockheed Martin Inu (LMI), the lack of liquidity made it impractical to buy back the tokens. In these cases, affected users received their refunds in ETH, with a generous 20% bonus to compensate for the inconvenience. These refunds collectively amounted to 334 ETH.
Blockchain security firm CertiK independently verified the transactions related to these refunds, confirming that Maestro had indeed carried out the compensation as announced.
The security breach on October 24 had initially allowed attackers to siphon around 280 ETH worth of exploited tokens, equivalent to approximately $485,000 at the time. Maestro responded swiftly, identifying and removing the exploit within just 30 minutes of its initiation. The platform temporarily halted trading on tokens with pools on SushiSwap, ShibaSwap, and ETH PancakeSwap as a precautionary measure.
Notably, Maestro reassured its users that their wallets had not been compromised during the attack, emphasizing that the exploit was solely directed at the Router contract.
CertiK’s executive summary revealed that a total of 106 user addresses were affected by the smart contract breach, with various tokens, including LMI, JOE, Mog Coin (MOG), ApeSwap (BANANA), and others falling victim to the exploit. Remarkably, many of these tokens exhibited resilience by bouncing back in value, driven by the anticipation of Maestro’s market buyback.
Maestro, known as MaestroBots on Telegram, is a widely used bot platform that enables trading across Ethereum, BNB Chain, and Arbitrum. With a default transaction fee of 1%, Maestro facilitates trades across these networks using three distinct bots: the Maestro Whale Bot, the Maestro Sniper Bot, and the Maestro Wallet Bot. The platform boasts a substantial following on Telegram, with more than 100,000 subscribers on its Maestro Bots Hub channel and over 24,000 followers on its X account.