Synapse 2021 nUSD metapool exploit
An attacker manipulated the Avalanche nUSD metapool virtual price by approximately 12.5% through a bug in the Saddle-derived metapool implementation. The attacker attempted to move approximately $8.2 million in nUSD through the bridge while validators were offline; the malicious transaction was not processed and affected liquidity providers were to be made whole.
Incident facts
- Incident title
- Synapse 2021 nUSD metapool exploit
- Bridge
- Synapse Protocol
- Incident date
- 2021-11-06
- Incident type
- Exploit
- Major incident
- Yes
- Affected chains
- Avalanche, Unknown
- Affected assets
- nUSD, USDC, Unknown
- Attack category
- Metapool Virtual Price Bug
- Reported loss
- No ultimate fund loss reported; approximately $8.2 million nUSD protected
- Recovery
- Funds Protected
- Reimbursement
- In Progress
- Restart
- Reopened
- Current outcome
- Active After Incident
- Resolution
- Unresolved
- Last reviewed
- 2026-06-15
- Last verified
- 2026-06-15
Timeline events
Synapse paused metapools, AMM, and bridge after nUSD manipulation2021-11-06
Synapse identified abnormal nUSD metapool pricing, paused pools across six chains, and coordinated validators to go offline.
Approximately $8.2 million nUSD transfer left unprocessed2021-11-06
Validators did not process the attacker's approximately $8.2 million nUSD bridge transaction, preserving the funds for affected liquidity providers.
Synapse restored the bridge and began pool migration2021-11-07
New pools were deployed, validators returned online, pending transactions were processed, and migration away from the vulnerable metapool design began.
Evidence records
- 11/06/2021: Post-mortem of nUSD Metapool ExploitSynapse Protocol · Tier 1 · 2021-11-10
- Explained: The Synapse and Nerve Bridge HacksHalborn · Tier 2 · 2021-11-24
Known unknowns
- Final liquidity-provider distribution completion is unverified.