Cosmos (ATOM) : le DEX Osmosis (OSMO) mis à l

DEX Osmosis (OSMO) shut down following $5 million breach

Pools of cash drained on Osmosis

Early this morning, a flaw was discovered in the liquidity pools of the decentralized exchange (DEX) Osmosis (OSMO) which relies on its own dedicated blockchain. The information, first revealed by a user of the Reddit platform (the post has since been deleted), was officially confirmed by the Osmosis teams on Twitter.

In order to prevent possible further financial damage, the blockchain that supports the DEX has been shut down at block n°4 713 064 according to explorer mintscan. However, a malicious user had time to exploit the loophole in his interest.

According to Osmosis, the amount of larceny would be around 5 million dollars. The thief’s transactions (visible on the block explorer) have been finalized 2 blocks before blockchain shutdown.

According to the latest press release from the teams in charge of the protocol, the flaw has been identified and a patch has been applied accordingly. Internal tests are in progress in order to verify if a similar flaw is not exploitable, and restart orders will then be communicated to the validators of the network in order to be able to resume operations as soon as possible.

However, it is expected that a detailed report is communicated in the next few days and that a series of in-depth tests are put in place by the technical teams on the blockchain in order to propose a possible update of the network.

👉 Also read: 7 best practices to protect your cryptocurrency portfolio from a hack

The course of the attack

According to the Reddit user who first reported the flaw, it is was located directly at the level of the liquidity pools themselves. According to his observation, if a DEX user contributed liquidity to a pool, he was able to withdraw it. 50% more, without any lock-in period.

The attacker has thus multiplied transactions using this method. However, he may have discovered it by pure chance.

Indeed, according to the on-chain data, only 26 OSMO tokens (about $30 at the time of the attack) was added to the liquidity pool in the first trade, resulting in an initial profit of 13 additional OSMOs when withdrawing.

The second transaction is much more substantial: the malicious user deposited 101,230 OSMO tokens (i.e. over $116,000 at the time of the attack) into the pool, a gain of $58,207 in the form of OSMO.

He thus repeated the operation in a loop, each time with a larger amount, before transfer part of its tokens to another wallet from which he again repeated the operation. There are therefore, in total, approximately $5 million that have been siphoned off by this process.

The price of the OSMO token was impacted to a lesser extent, suffering a loss in value of the order of 7% over 24 hours. He exchanges currently at $1.11far from its ATH (highest price) of $11.25 reached on March 4, 2022.

👉 On the same subject: Bored Ape Yacht Club (BAYC) Discord server hacked, 32 NFTs are stolen

Source: Reddit

Newsletter 🍞

Get a crypto news recap every Sunday 👌 And that’s it.

About the Author : Maximilien Prue

twitter-soothsayerdata

Passionate about the world of decentralized finance and the novelties brought by Web 3.0, I write articles for Cryptoast to help make the blockchain more accessible to everyone. Convinced that cryptocurrencies will change the future very soon.
All articles by Maximilien Prué.

Leave a Comment

Your email address will not be published. Required fields are marked *