On May 2024, MetaDragon was exploited in a access control, resulting in approximately $180K in losses. That makes the MetaDragon exploit the 172nd largest DeFi incident out of 690 documented in our archive.
Attack Mechanics: How the MetaDragon Access Control Played Out
Exploit Class Applied to MetaDragon
The MetaDragon incident on May 29, 2024 is classified as a Access Control. A privileged function lacks a proper authorisation check, letting an unauthorised caller execute it. In the full archive, MetaDragon is 1 of 77 documented access control incidents.
MetaDragon in Context
At $180K, the MetaDragon exploit is a minor (<$1M) event compared to the largest same-class incident in our archive — Corkprotocol (2025) at $12M.
Prior Access Control Before MetaDragon
The nearest access control incident before MetaDragon was GFOX, 19 days earlier on May 10, 2024 ($330K lost). The same exploit class surfaced again within the access control attack surface.
MetaDragon Vulnerability Signature
The primary source categorises the MetaDragon exploit specifically as “Lack of Access Control”. This narrower label is entity-specific: it reflects how the MetaDragon contract failed, rather than the broad access control pattern alone.
Impact & Recovery for MetaDragon
MetaDragon Loss Figure
The MetaDragon exploit caused $180,000 in losses — a minor (<$1M) incident and the 49th largest of 188 documented in 2024.
Where MetaDragon Sits Among Access Control Attacks
Ranked by loss size, MetaDragon is the 18th largest of 77 access control incidents documented. That puts the MetaDragon loss below the class average of $636K.
Timeline Since the MetaDragon Incident
The MetaDragon exploit occurred 1.9 years ago (685 days). The contract, its fork-block, and the attack transaction remain on-chain and forensically reproducible.
Primary Reference for MetaDragon
Public post-mortem / on-chain analysis for the MetaDragon incident: view source.
FAQ
How much did MetaDragon lose?
The MetaDragon exploit in May 2024 resulted in $180,000 in losses — the 49th largest of 188 DeFi incidents that year.
When did the MetaDragon hack happen?
The MetaDragon exploit was recorded on May 29, 2024 — 685 days ago.
What type of exploit hit MetaDragon?
The MetaDragon incident is classified as a Access Control. A privileged function lacks a proper authorisation check, letting an unauthorised caller execute it.
How common is the Access Control pattern seen at MetaDragon?
Our archive contains 77 documented access control incidents. The MetaDragon incident is one of them.
How does MetaDragon compare to the largest Access Control attack?
The largest access control incident in our archive is Corkprotocol (2025) at $12M. The MetaDragon loss is $180K.
What are the types of blockchain models mentioned?
Public, private, permissioned, and permissionless.
How does the proposed cross-chain protocol provide offline tolerance?
The protocol is encoded into a P2SH script, allowing it to function even when participants are offline.