This DeFi Protocol Just Got Hacked for $6.9 Million – Here’s What Happened
In a statement published on Sunday, the team behind Lodestar admitted that the hack has created “a bad situation” and that “options are limited.”
The team said in the statement that the hack was made possible by manipulation of a price oracle in the protocol, which caused an “instantaneous change in the price.” This ultimately allowed the attacker to “borrow more than they should have been allowed,” resulting in a profit for the person or group behind the attack.
Going forward, the Lodestar team said the main priority is to work on recovering what they believe is recoverable, and then try to establish communications with the attacker.
“The Lodestar team is going to base our recovery plan off the approximately 2,720,000 GLP that is recoverable from the plvGLP contract,” the statement said, adding that further details about this recovery will be provided as they become available.
“In the meantime we will continue to try to reach out to the hacker and see if we can reach an agreement to return more of the user’s funds,” the team added in the statement.
The Lodestar Twitter account then reached out directly to the attacker, offering to “find a white-hat agreement and move on.”
“Recovering the funds of our users is the main priority and we will generously reward your collaboration,” the tweet said.
If you are the hacker, reach out to us so we can find a white-hat agreement and move on. Recovering the funds of our users is the main priority and we will generously reward your collaboration. #Hack #whitehat #Arbitrum $LODE #Exploit #DEFI https://t.co/SWlCr3KMib
— Lodestar Finance 🌟 (@LodestarFinance) December 10, 2022
The statement from the Lodestar team came after a team member earlier in the weekend wrote in a user forum that the team is “working through what appears to be a potential exploit.”
He added that withdrawals “remain open, but are likely not able to be processed right now,” as liquidity on the protocol has come under pressure.
Several community members also commented on the case on Twitter, with one popular crypto Twitter user and developer sharing the entire process of how the hacker went about the attack.
The same user explained that there is now essentially nothing of value left in Lodestar. “It’s all bad debt,” he said.
The path forward depends entirely on the @LodestarFinance and @PlutusDAO_io teams. There's no valuables left in Lodestar, it's all bad debt. Both parties will have to unravel the attack and see who bears responsibility, and what, if anything, can be done for the affected users.
— BowTiedPickle.eth | Solidity Shipper (@BowTiedPickle) December 10, 2022
LODE token crashes
As a result of the hack, the price of Lodestar’s own token, LODE, went into a nosedive. At the time of writing on Monday, the price of LODE stood at $0.1535, down 7.7% over the past 24 hours and down almost 60% over the past 7 days.
The LODE token has a tiny market capitalization of just $181k, and can only be traded on the Uniswap decentralized exchange, according to data from CoinGecko.
The Lodestar protocol is built on Arbitrum, a major second-layer scaling network for Ethereum.