Osmosis DEX Hacked for USD 5M, Team Denies Liquidity Pools Being ‘Completely Drained’
The project’s official Twitter account confirmed the hack but denied allegations that liquidity pools were completely drained. “Devs are fixing the bug, scoping the size of losses (likely in the range of ~[USD]5M), and working on recovery.”
Liquidity pools were NOT "completely drained".— Osmosis ⚡️🧪 (@osmosiszone) June 8, 2022
Devs are fixing the bug, scoping the size of losses (likely in the range of ~$5M), and working on recovery.
More info to come. https://t.co/WOu7MMgSUM
To prevent users from exploiting the vulnerability, the network validators halted the chain.
“As of block #4713064 the Osmosis chain has been halted for emergency maintenance,” said network validator ‘EmperorOsmo(Hathor Nodes)’. “At this time the Osmosis DEX and Wallet are inoperable, until repairs are completed.”
The exploit was reportedly possible due to a “critical bug” in the protocol’s liquidity pools that allowed everyone to increase their position by 50% simply after adding and removing liquidity to any pool. The bug could have potentially drained all liquidity pools.
Damage has been done where users started taking advantage of this process while it is prone to the snowball effect.— Junønaut (@TheJunonaut) June 8, 2022
For example this address has repeatedly executed the bug for more than 30 minutes, IBC transferring ~75K $ATOM from Osmosis.https://t.co/Nb3qhhBngQ pic.twitter.com/f3cRhvBNF5
On-chain transactions show that users had already started exploiting the vulnerability before the network was stopped. For instance, one address that “repeatedly executed the bug for more than 30 minutes” managed to make off with around USD 75,000 worth of ATOM, per user ‘Junønaut’.
According to DeFi Llama, Osmosis currently has a total value locked (TVL) of more than USD 212.77m.
The project’s native token OSMO has also been adversely affected by the recent exploit. The token is currently trading at USD 1.08, down by 4.1% over the past 24 hours. In the past 7 days, it’s down 22%, as well as 68% in a month.
– DeFi Lending Protocol Fortress Loses All Funds in Oracle Price Manipulation Attack
– Deus DAO Exploited Again, Loses Reported USD 13M+ in Flashloan Attack
– Beanstalk Hacker Drains USD 182M from Project, But Nets Only USD 80M
– The Blame Game Begins as Bored Apes Co-Founder Criticized for Blaming Discord Following Another NFT Exploit
– Terra’s Mirror Protocol Survival Was in Question, Crisis Reportedly ‘Averted’ – UPDATED
– Crypto Security in 2022: Prepare for More DeFi Hacks, Exchange Outages, and Noob Mistakes