[NEW]: MegaETH Pre-Deposit Bridge: How KYC Errors, Rate Limits, and a Multisig Loophole Turned a $250M Launch Into a $500M Chaos #1264
Description
Date
2025-11-25
Description
On November 25, 2025, MegaETH's pre-deposit campaign for its Ethereum Layer 2 blockchain descended into chaos due to a cascade of technical and operational failures. The launch began with a SaleUUID mismatch in the Pre-Deposit Contract, requiring a multi-signature transaction fix that introduced delays. Simultaneously, Sonar's KYC API was misconfigured with rate limits set too low, blocking legitimate users for 23 minutes. When the system finally resumed at a random time, the $250 million cap filled in just 156 seconds by users who were frantically refreshing the page. The team then planned to raise the cap to $1 billion at the top of the hour, gathering the required 4 of 6 multisig signatures in advance. However, an unfamiliar team member didn't realize that Safe's multisig allows anyone to execute a fully-signed transaction once threshold signatures are met—a user named chud.eth seized this opportunity and executed the transaction 30 minutes early, triggering a rush that pushed deposits to $500 million before the team could react.
The incident exposed critical operational failures despite the contracts themselves being secure and audited. While no funds were ever at risk and the smart contracts functioned as designed, the human errors—misconfigured UUIDs, inadequate rate limiting, poor coordination timing, and unfamiliarity with Safe's execution features—created a "subpar user experience" that the team acknowledged as "not acceptable." The chaos split community sentiment roughly 60/40 bearish, with many demanding refunds and criticizing the operational incompetence, though some viewed the overwhelming demand ($500 million locked pre-mainnet) as bullish validation of the project's potential. MegaETH offered withdrawals to those who deposited expecting the $250 million cap, abandoned the planned $1 billion expansion, and committed to transparency through a detailed post-mortem. The episode became a cautionary tale about the gap between flawless code and flawed operations in crypto launches, while chud.eth entered "crypto folklore" for exploiting a legitimate platform feature.
Links
https://x.com/megaeth/status/1993395774164488361
https://forklog.com/en/operational-errors-lead-to-500-million-chaos-in-megaeth-launch/
Agreement
- I irrevocably agree to release my contribution under the CC-BY 3.0 License
Attribution name
plugrel
Personal link
x.com/plugrel