On November 25th, the launch of the pre-deposit campaign for the L2 project MegaETH was marred by technical issues. Instead of the planned $250 million, the project attracted $500 million due to a loss of control over the smart contract management.
— MegaETH (@megaeth) November 25, 2025
The cause was not a code hack but human error and incorrect handling of the multisig.
Chronology of the Failure
The MegaETH team planned to gather liquidity before the mainnet launch in December. The conditions seemed simple: start at 9:00 am (ET), a $250 million cap, a first-come, first-served basis, and KYC via the Sonar platform.
Problems began immediately after the start:
- Sonar crash — the user verification infrastructure could not handle the load. Servers went down at 9:01 due to request limit exceedance. Load testing for such an amount was not conducted before the launch;
- smart contract error — even before the site crashed, deposits were not processed. The SaleUUID parameter in the contract did not match Sonar’s settings.
It took the team 23 minutes to fix the error. They needed to gather signatures in the multisig wallet to update the parameters. During this time, thousands of users unsuccessfully attempted to send funds.
Once the bridge was operational, the $250 million cap was filled in 156 seconds.
Unfortunately our 3rd party provider received too many requests resulting in downtime.
The $250M cap filled within 156 seconds upon resolution.
We’ve decided to increase the cap to $1B in an effort to give users access to USDm day 1.
Bridge will reopen at 11am EST.
— MegaETH (@megaeth) November 25, 2025
Due to the lack of an official announcement about the fix, spots were taken by bots and users continuously refreshing the page.
Incident with Safe Multisig
Following a wave of criticism, the team decided to increase the cap to $1 billion and reopen fund acceptance at 11:00. This required changing the contract parameters again via the Safe multisig wallet.
The wallet management scheme required four out of six possible signatures, and developers gathered them in advance to simply send the transaction to the blockchain precisely at 11:00. This was the main mistake.
In Safe wallets, once the required number of signatures is collected, anyone can execute the transaction. This is a documented feature of the protocol, ensuring decentralization.
To explain what happened here:
The increase to $1B was executed ~30m early by chud. When required signatures on a transaction in a @safe are reached, ANYONE (even people not on the multisig) can execute the transaction. It’s a core feature and it can’t be turned off.
— YAM 🌱 (@yieldsandmore) November 25, 2025
A user under the pseudonym chud.eth noticed the fully signed transaction in the mempool and executed it himself 34 minutes ahead of the team’s schedule.
Consequences of the Chaos
The unexpected opening of deposits triggered a new influx of funds. The team watched as the balance rapidly increased beyond their control:
- an attempt to cap the collection at $400 million failed — the transaction was too late, as the amount had already exceeded this threshold;
- they managed to set the limit at $500 million.
The developers admitted defeat and abandoned plans to raise the cap to $1 billion.
We’ve encountered unexpected issues throughout the process and are no longer moving forward with the $1B cap.
We will be sharing a retro shortly.
We’ll also be including the ability for users to withdraw who no longer wish to participate.
Apologies for the turbulence.
— MegaETH (@megaeth) November 25, 2025
MegaETH acknowledged their fault, calling the incident “unacceptable.” The developers emphasized that the smart contracts worked perfectly, there were no vulnerabilities, and user funds were safe. The failure was due to human error and a lack of understanding of the documentation of the tools used.
Despite the issues, less than 5% of users took advantage of the offered withdrawal option. The MegaETH mainnet launch is still scheduled for December, with the token release planned for early 2026.
Back in October, MegaETH raised $1.39 billion from its token sale, with oversubscription exceeding 27x.