Ошибки управления приводят к катастрофе: MegaETH теряет контроль над $500 млн в преддверии запуска Translation: Management errors lead to disaster: MegaETH loses control over $500 million ahead of launch

On November 25, the launch of the pre-deposit campaign for the L2 project MegaETH encountered technical difficulties. Instead of the anticipated $250 million, the project raised $500 million due to a loss of control over the management of the smart contract.

The issue was not a code hack, but rather a human error related to the handling of multi-signature wallets.

The MegaETH team aimed to gather liquidity ahead of the mainnet launch scheduled for December. The conditions appeared straightforward: a launch at 9:00 AM (ET), a limit of $250 million, a «first come, first served» basis, and KYC through the Sonar platform.

Problems arose immediately after the launch:

It took the team 23 minutes to rectify the error. They needed to gather signatures in the multi-sig wallet to update the parameters. During this time, thousands of users were unsuccessfully trying to send their funds.

As soon as the bridge became operational, the $250 million limit was filled in just 156 seconds.

Due to the lack of an official announcement regarding the fix, the opportunity was seized by bots and users who continuously refreshed the page.

In response to a wave of criticism, the team decided to raise the limit to $1 billion and reopen fund acceptance at 11:00 AM. This required another modification of the contract parameters via the Safe multi-sig wallet.

The wallet management scheme necessitated four signatures out of six possible, and developers had gathered these in advance to initiate the transaction exactly at 11:00 AM. This turned out to be their main mistake.

In Safe wallets, as soon as the required number of signatures is collected, anyone can execute the transaction. This is a documented feature of the protocol that ensures decentralization.

A user under the pseudonym chud.eth noticed a fully signed transaction in the mempool and executed it independently 34 minutes ahead of the team’s scheduled plan.

The unexpected reopening of deposits led to a new influx of funds. The team watched as the balance surged rapidly beyond their control:

The developers conceded defeat and abandoned plans to raise the cap to $1 billion.

MegaETH labeled the incident as «unacceptable.» The developers emphasized that the smart contracts were functioning perfectly, with no vulnerabilities and users’ funds secured. The cause of the failure lay in human error and a lack of familiarity with the documentation of the tools used.

Despite the issues, less than 5% of users took advantage of the withdrawal option offered. The MegaETH mainnet launch is still set for December, with the token release scheduled for early 2026.

As a reminder, on October 30, following the token sale, MegaETH raised $1.39 billion, with an oversubscription rate exceeding 27 times.